我四处搜索,找不到很多信息,基本上我有 Windows 2008 R2,我创建了 PowerShell 脚本来将 PFX 文件加载到本地机器的证书存储中。
现在我需要授予我的应用程序池的权限以使用 PowerShell 读取证书的私钥。
在旧的 Windows 2003 中,我只需要获取位于文件C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\
夹中的实际文件,但看起来 Win 2008 使用不同的文件夹。
有人有解决办法吗?
-- 更新我的代码版本 --
function Grant-CertificatePermissions([string]$certSubject,[string]$user,[string]$permissionType,[string]$permission = $args[3])
{
$getCert = Get-LocalMachineCertificate $certSubject
$keypath = Get-CertificateStorePath
$certHash = $getCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$certFullPath = $keypath+$certHash
$certAcl = Get-Acl -Path $certFullPath
try
{
$accessRule=new-object System.Security.AccessControl.FileSystemAccessRule $user, $permissionType, $permission
$certAcl.AddAccessRule($accessRule)
}
catch [System.Exception]
{
throw "Invalid User Id Or Permission"
}
Set-Acl $certFullPath $certAcl
}
function Get-LocalMachineCertificate([string]$subject, [string]$certificateStoreLocation, [string]$certificateStoreName)
{
$getCert = Get-ChildItem -Recurse Cert:\$certificateStoreLocation\$certificateStoreName | Where-Object {$_.Subject -eq $subject}
if(!$getCert)
{
throw "Certificate Not Found"
}
return $getCert
}
function Get-CertificateStorePath
{
$commonCertPathStub = "\Microsoft\Crypto\RSA\MachineKeys\"
$programData = $Env:ProgramData
if(!$programData)
{
$programData = $Env:ALLUSERSPROFILE + "\Application Data"
}
$keypath = $programData + $commonCertPathStub
return $keypath
}
在我的Get-CertificateStorePath
函数中,我得到的值是C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\
,在我获得证书哈希后,完整的文件看起来像C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d82829f7770ea5d85ef978dea67f302d_4cca7190-7e9f-46d7-b180-6656fec432e2
,当我执行Get-Acl
行时我有异常Cannot find path 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d82829f7770ea5d85ef978dea67f302d_4cca7190-7e9f-46d7-b180-6656fec432e2' because it does not exist.
。
我浏览了那个文件夹,我确实找不到这样的文件。
- 更新 -
function Import-PfxCertificate ([String]$certPath,[String]$certificateStoreLocation ,[String]$certificateStoreName, $pfxPassword)
{
$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($certPath, $pfxPassword, "Exportable,PersistKeySet")
$store = new-object System.Security.Cryptography.X509Certificates.X509Store($certificateStoreName,$certificateStoreLocation)
$store.open("MaxAllowed")
$store.add($pfx)
$store.close()
return $pfx
}