如何解决如何在powershell中使用不可导出的证书签署文件?
我尝试在 PowerShell 中使用此代码:
$path = 'cert:\currentuser\my\' + 'Thumbprint_My_Certificate'
$cert=Get-ChildItem -Path $path
$choicec=$cert | Where-Object HasPrivateKey -eq 'true' | Where-Object { $_.Subject -eq "CN=CN_Name_My_Certificate" }
Set-AuthenticodeSignature -FilePath C:\Users\myuser\Desktop\TestFilePS.txt -Certificate $choicec*
在那种情况下,我有这个错误:
Set-AuthenticodeSignature : Cannot bind argument to parameter 'Certificate' because it is null.
At line:1 char:94
+ ... ath C:\Users\myuser\Desktop\TestFilePS.txt -Certificate $choicec
+ ~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Set-AuthenticodeSignature],ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.SetAuthenti
codeSignatureCommand*
当我将上一个命令更改为
Set-AuthenticodeSignature -FilePath C:\Users\myuser\Desktop\TestFilePS.txt -Certificate $cert
我有这个错误:
Set-AuthenticodeSignature : Cannot sign code. The specified certificate is not suitable for code signing.
At line:1 char:1
+ Set-AuthenticodeSignature -FilePath C:\Users\myuser\Desktop\Test ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-AuthenticodeSignature],PSArgumentException
+ FullyQualifiedErrorId : Argument,Microsoft.PowerShell.Commands.SetAuthenticodeSignatureCommand
$cert 的输出 | fl * 如下:
PSPath : Microsoft.PowerShell.Security\Certificate::currentuser\my\XXXThumbprint_My_CertificateXXX
PSParentPath : Microsoft.PowerShell.Security\Certificate::currentuser\my
PSChildName : XXXThumbprint_My_CertificateXXX
PSDrive : Cert
PSProvider : Microsoft.PowerShell.Security\Certificate
PSIsContainer : False
EnhancedKeyUsageList : {Server Authentication (1.3.6.1.5.5.7.3.1),Client Authentication (1.3.6.1.5.5.7.3.2)}
DnsNameList : {MyComputerName,MyDomain}
SendAsTrustedIssuer : False
EnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
EnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
PolicyId :
Archived : False
Extensions : {System.Security.Cryptography.Oid,System.Security.Cryptography.Oid,System.Security.Cryptography.Oid...}
FriendlyName :
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 09.05.2023 23:13:07
NotBefore : 09.05.2021 23:13:07
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48,130,6,249...}
SerialNumber : XXXSerial_Number_My_CertificateXX
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : XXXThumbprint_My_CertificateXXX
Version : 3
Handle : 2049462886560
Issuer : CN=CN_Name_My_Certificate,O=CompanyName
Subject : CN=CN_Name_My_Certificate,OU=OU_Name,O=CompanyName,L=L_Name
我做错了什么?
解决方法
假设您已请求证书并且已将其正确添加到域组策略“受信任的发布者”部分,那么签名过程本身就相当简单。 PowerShell 命令遵循以下语法 –
update t
set firstName = replace(firstName,'.',' ')
where firstName like '%.%';
哪里——
LOCATIONOFSCRIPT = 要签名的脚本的路径
LOCATIONOFCERT = 用户证书的路径
TSASERVER = 一个外部时间戳机构,允许脚本在用于签名的证书过期后继续受信任
因此,如下所示,假设证书正确位于您的个人存储中:
Set-AuthenticodeSignature -FilePath LOCATIONOFSCRIPT -Certificate LOCATIONOFCERT –TimestampServer TSASERVER
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。