Ludwig的骇客帝国: 脚本

Feng's profileLudwig的骇客帝国BlogLists

Tools

Help

Blog

Summary

Listed by:

<< First < Previous Next > Last >>

April 29

和X509证书相关的一些命令

下面的命令创建一个自我签署的证书，指定使用者名称为“CN=XYZ Company”，指定有效期的起始和结束时间，将密钥放入 my 存储区，指定并交换密钥，并且使私钥可导出。

makecert -r -pe -n "CN=XYZ Company" -b 01/01/2005 -e 01/01/2010 -sky exchange -ss my -a sha1

将PFX格式的证书(包含密钥的证书)导入本机

@echo off
setlocal
echo ************
echo cert setup starting
echo ************
set PFX_PASSWORD=111111
set SERVER_NAME=WCFQuickStartServer
set STS_NAME=WCFSecureTokenService
set ROOT_NAME=WCFQuickstartRoot
REM cleans up certs from previous runs.
call deleteAll.bat
REM Import server certificates on Windows 2003 - certutil is only on Windows 2003
    echo ************
    echo Server cert setup starting
    echo Installing %SERVER_NAME% certificate into the LocalMachine/My store
    echo ************
    echo Importing root.pfx to LocalMachine/My store ...
    echo ************
    certutil -importpfx -p %PFX_PASSWORD% root.pfx
    echo Importing sts.pfx to LocalMachine/My store ...
    echo ************
       certutil -importpfx -p %PFX_PASSWORD% sts.pfx
echo ************
echo copying server cert to CurrentUser store
echo ************
certmgr.exe -add -r LocalMachine -s My -c -n %ROOT_NAME% -r LocalMachine -s Root
certmgr.exe -add -r LocalMachine -s My -c -n %STS_NAME% -r CurrentUser -s My
certmgr.exe -add service.cer -r CurrentUser -s My
pause
GOTO :EOF
:end