Powershell: 用New-SelfSignedCertificate命令创建自签名证书

作者: lesca 分类: Powershell 发布时间: 2017-07-06 11:19

1.创建根证书

$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256-KeyLength2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-KeyUsageProperty Sign -KeyUsage CertSign

2.获取证书引用(可选步骤)

将下面的THUMBPRINT替换成所需证书的“指纹”字符串,这个字符串可以从证书详细信息中找到。

$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\THUMBPRINT"

具体如:

$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\AED812AD883826FF7O14D1D5A77B3C08EFA79F3F"

3.用根证书签名新的客户端证书

New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

-CertStoreLocation 参数 (仅两个选项)

  • -CertStoreLocation “cert:\LocalMachine\My”
  • -CertStoreLocation “Cert:\CurrentUser\My”

版权声明

本文出自 Lesca 技术宅,转载时请注明出处及相应链接。

本文永久链接: https://www.lesca.cn/archives/create-self-signed-certificate-with-powershell-new-selfsignedcertificate-command.html

如果觉得我的文章对您有用,请随意赞赏。您的支持将鼓励我继续创作!