Powershell: 用New-SelfSignedCertificate命令创建自签名证书
1.创建根证书
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature ` -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable ` -HashAlgorithm sha256-KeyLength2048 ` -CertStoreLocation "Cert:\CurrentUser\My" ` -KeyUsageProperty Sign -KeyUsage CertSign
2.获取证书引用(可选步骤)
将下面的THUMBPRINT替换成所需证书的“指纹”字符串,这个字符串可以从证书详细信息中找到。
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\THUMBPRINT"
具体如:
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\AED812AD883826FF7O14D1D5A77B3C08EFA79F3F"
3.用根证书签名新的客户端证书
New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
-CertStoreLocation 参数 (仅两个选项)
- -CertStoreLocation “cert:\LocalMachine\My”
- -CertStoreLocation “Cert:\CurrentUser\My”
版权声明
本文出自 Lesca 技术宅,转载时请注明出处及相应链接。
