如何通过PowerShell从证书文件导出根证书和中间签名证书?
使用PowerShell;我需要获取一个证书文件(.cer/.crt),并将中间和根签名证书文件导出到同一目录。我能做的最多就是获取证书颁发者名称(中间CA)。如何利用PowerShell确定中间和根签名CA并保存这些证书如何通过PowerShell从证书文件导出根证书和中间签名证书?,powershell,ssl,ssl-certificate,x509certificate2,Powershell,Ssl,Ssl Certificate,X509certificate2,使用PowerShell;我需要获取一个证书文件(.cer/.crt),并将中间和根签名证书文件导出到同一目录。我能做的最多就是获取证书颁发者名称(中间CA)。如何利用PowerShell确定中间和根签名CA并保存这些证书 $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 D:\Netscaler_Certificates\example.2021.cer $cert.IssuerN
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 D:\Netscaler_Certificates\example.2021.cer
$cert.IssuerName
给我:
Name Oid RawData
---- --- -------
CN=Subordinate CA, DC=domain, DC=com System.Security.Cryptography.Oid {48, 99, 49...}
您需要构建证书链,然后导出链元素:
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 D:\Netscaler_Certificates\example.2021.cer
$chain = new-object security.cryptography.x509certificates.x509chain
[void]$chain.Build($cert)
$chain.ChainElements | %{
sc -path .\$($_.Certificate.GetNameInfo("dnsName",$false)).cer -value $_.Certificate.RawData -encoding byte
}
..“托管”您刚才从上一个答案导出的证书,下一行可能是:
(($chain.ChainElements.Certificate.Subject | Select-Object -Skip 1) -Replace ", .*").trimstart("CN=")