    April 29

    Some commands related to X509 certificates

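    1. The following command creates a self-signed certificate (-r) with the subject name "CN=XYZ Company", sets the start and end of the validity period (-b, -e), places the certificate in the "my" store (-ss my), sets the key type to exchange (-sky exchange), and makes the private key exportable (-pe). The signature algorithm is SHA-1 (-a sha1).
    makecert -r -pe -n "CN=XYZ Company" -b 01/01/2005 -e 01/01/2010 -sky exchange -ss my -a sha1
    2. Import certificates in PFX format (certificates that include the private key) into the local machine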

    @echo off
    REM Imports the sample PFX files with certutil, then copies certificates
    REM between stores with certmgr.

    setlocal
    echo ************
    echo cert setup starting
    echo ************

    REM Sample values. The PFX password is passed to certutil on the command line below.
    set PFX_PASSWORD=111111
    set SERVER_NAME=WCFQuickStartServer
    set STS_NAME=WCFSecureTokenService
    set ROOT_NAME=WCFQuickstartRoot

    REM cleans up certs from previous runs.
    call deleteAll.bat

    REM Import server certificates on Windows 2003 - certutil is only on Windows 2003
    echo ************
    echo Server cert setup starting
    echo Installing %SERVER_NAME% certificate into the LocalMachine/My store
    echo ************
    echo Importing root.pfx to LocalMachine/My store ...
    echo ************
    certutil -importpfx -p %PFX_PASSWORD% root.pfx

    echo Importing sts.pfx to LocalMachine/My store ...
    echo ************
    certutil -importpfx -p %PFX_PASSWORD% sts.pfx

    echo ************
    echo copying server cert to CurrentUser store
    echo ************

    REM Copy the root certificate from LocalMachine/My to LocalMachine/Root,
    REM then copy the STS certificate and add service.cer to CurrentUser/My.
    certmgr.exe -add -r LocalMachine -s My -c -n %ROOT_NAME% -r LocalMachine -s Root
    certmgr.exe -add -r LocalMachine -s My -c -n %STS_NAME% -r CurrentUser -s My
    certmgr.exe -add service.cer -r CurrentUser -s My
    pause
    GOTO :EOF

    :end
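
The same two steps with the built-in PowerShell PKI cmdlets, as an added example that is not part of the original post: it signs with SHA-256 instead of SHA-1 and reads the PFX password as a SecureString instead of storing it in the script. The file name xyz-company.pfx, the two-year validity period and the Windows 10 / Server 2016 or later requirement are assumptions.

```powershell
# Added example, not the original author's script.
# Assumes Windows 10 / Server 2016 or later and an elevated session
# (writing to Cert:\LocalMachine\My requires administrator rights).
$ErrorActionPreference = 'Stop'

# Step 1 equivalent: self-signed certificate with an exportable exchange key,
# signed with SHA-256 rather than the SHA-1 used by "makecert -a sha1".
$cert = New-SelfSignedCertificate `
    -Subject 'CN=XYZ Company' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeySpec KeyExchange `
    -KeyExportPolicy Exportable `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -HashAlgorithm SHA256 `
    -NotBefore (Get-Date) -NotAfter (Get-Date).AddYears(2)

# Prompt for the PFX password; it is never written to the script,
# an environment variable or a process command line.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Hypothetical output path for the exported certificate and private key.
$pfxPath = Join-Path $env:TEMP 'xyz-company.pfx'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

try {
    # Step 2 equivalent: import the PFX into LocalMachine\My.
    # Without -Exportable the imported private key cannot be exported again.
    $imported = Import-PfxCertificate -FilePath $pfxPath `
        -CertStoreLocation 'Cert:\LocalMachine\My' -Password $pfxPassword

    # Confirm that the store holds the certificate that was just created.
    if ($imported.Thumbprint -ne $cert.Thumbprint) {
        throw "Imported thumbprint $($imported.Thumbprint) does not match $($cert.Thumbprint)"
    }
    if (-not $imported.HasPrivateKey) {
        throw 'Certificate was imported without its private key'
    }
    'Imported {0} ({1}), valid until {2:yyyy-MM-dd}' -f `
        $imported.Subject, $imported.SignatureAlgorithm.FriendlyName, $imported.NotAfter
}
finally {
    # The PFX contains the private key; do not leave it in the temp directory.
    Remove-Item -Path $pfxPath -Force
}
```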

    Comments (1)

    eric song wrote:
    Is this Windows PowerShell?
    June 13
