Powershell无法使用新的自签名证书加载私钥 我一直在尝试创建一个rootCA和中间CA,在windows10上使用powershell对证书进行签名 $InterCA = New-SelfSignedCertificate -Subject 'CN=KeyInterCARootCN,O=Test Organisation, OU=Test InterCA,C=AU' -Signer $RootCA -KeyLength 2048 -HashAlgorithm 'SHA256' -KeyExportPolicy Exportable -KeyUsage KeyEncipherment,DataEncipherment,CertSign,DigitalSignature,CRLSign -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -NotAfter (Get-Date).AddYears(35) -KeyUsageProperty Sign -TextExtension @(“2.5.29.19 = {critical} {text}ca=1&pathlength=0”) -CertStoreLocation Cert:\LocalMachine\My $InterCAthumbprint = $InterCA.Thumbprint $CertInterCAPassword = ConvertTo-SecureString -String “Test123” -Force –AsPlainText $CertInterCAFilePFX = Export-PfxCertificate -Cert cert:\LocalMachine\My\$InterCAthumbprint -FilePath C:\Users\KeyInterCARoot.pfx -Password $CertInterCAPassword $CertInterCAFileCER = Export-Certificate -Cert $InterCA -FilePath C:\Users\KeyInterCARoot.cer $CertInterCAFileCER Import-Certificate -FilePath C:\Users\KeyInterCARoot.cer -CertStoreLocation Cert:\LocalMachine\CA 当我尝试检查QA1KeyCARoot.key时,我遇到了一个无法加载私钥的错误
问题:Powershell无法使用新的自签名证书加载私钥 我一直在尝试创建一个rootCA和中间CA,在windows10上使用powershell对证书进行签名 $InterCA = New-SelfSignedCertificate -Subject 'CN=KeyInterCARootCN,O=Test Organisation, OU=Test InterCA,C=AU' -Signer $RootCA -KeyLength 2048 -HashAlgorithm 'SHA256' -KeyExportPolicy Exportable -KeyUsage KeyEncipherment,DataEncipherment,CertSign,DigitalSignature,CRLSign -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -NotAfter (Get-Date).AddYears(35) -KeyUsageProperty Sign -TextExtension @(“2.5.29.19 = {critical} {text}ca=1&pathlength=0”) -CertStoreLocation Cert:\LocalMachine\My $InterCAthumbprint = $InterCA.Thumbprint $CertInterCAPassword = ConvertTo-SecureString -String “Test123” -Force –AsPlainText $CertInterCAFilePFX = Export-PfxCertificate -Cert cert:\LocalMachine\My\$InterCAthumbprint -FilePath C:\Users\KeyInterCARoot.pfx -Password $CertInterCAPassword $CertInterCAFileCER = Export-Certificate -Cert $InterCA -FilePath C:\Users\KeyInterCARoot.cer $CertInterCAFileCER Import-Certificate -FilePath C:\Users\KeyInterCARoot.cer -CertStoreLocation Cert:\LocalMachine\CA 当我尝试检查QA1KeyCARoot.key时,我遇到了一个无法加载私钥的错误,powershell,openssl,Powershell,Openssl,问题: 这是使用powershell从pfx文件提取密钥的正确方法吗?pfx应该同时包含rootCA的证书和私钥 $CertRootCAFilePFX=导出PfxCertificate-Cert证书:\LocalMachine\My$RootCAthumbprint-FilePath C:\Users\KeyCARoot.pfx-Password$CertRootCAPassword 如何从命令获取pem中的链 谢谢 根证书 中间钙 $InterCA = New-SelfSignedCert
$InterCA = New-SelfSignedCertificate -Subject 'CN=KeyInterCARootCN,O=Test Organisation, OU=Test InterCA,C=AU' -Signer $RootCA -KeyLength 2048 -HashAlgorithm 'SHA256' -KeyExportPolicy Exportable -KeyUsage KeyEncipherment,DataEncipherment,CertSign,DigitalSignature,CRLSign -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -NotAfter (Get-Date).AddYears(35) -KeyUsageProperty Sign -TextExtension @(“2.5.29.19 = {critical} {text}ca=1&pathlength=0”) -CertStoreLocation Cert:\LocalMachine\My
$InterCAthumbprint = $InterCA.Thumbprint
$CertInterCAPassword = ConvertTo-SecureString -String “Test123” -Force –AsPlainText
$CertInterCAFilePFX = Export-PfxCertificate -Cert cert:\LocalMachine\My\$InterCAthumbprint -FilePath C:\Users\KeyInterCARoot.pfx -Password $CertInterCAPassword
$CertInterCAFileCER = Export-Certificate -Cert $InterCA -FilePath C:\Users\KeyInterCARoot.cer
$CertInterCAFileCER
Import-Certificate -FilePath C:\Users\KeyInterCARoot.cer -CertStoreLocation Cert:\LocalMachine\CA
然后
运行以下命令:
openssl rsa -modulus -noout -in KeyCARoot.key
openssl : unable to load Private Key
At line:1 char:1
openssl rsa -modulus -noout -in KeyCARoot.key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : NotSpecified: (unable to load Private Key:String) [], RemoteException
FullyQualifiedErrorId : NativeCommandError
8924:error:0909006C:PEM routines:get_name:no start line:crypto\pem\pem_lib.c:745:Expecting: ANY PRIVATE KEY
我已删除.key文件中的行李属性
行李属性
Microsoft Local Key set: <No Values>
localKeyID: 01 00 00 00
friendlyName: te-3737d2a6-b5dc-4d63-b680-68a42d8080a0
Microsoft CSP Name: Microsoft Enhanced RSA and AES Cryptographic Provider
Key Attributes
X509v3 Key Usage: 10
-----BEGIN PRIVATE KEY-----
....
...
-----BEGIN PRIVATE KEY-----
Microsoft本地密钥集:
localKeyID:01 00
朋友姓名:te-3737d2a6-b5dc-4d63-b680-68A42D80A0
Microsoft CSP名称:Microsoft增强的RSA和AES加密提供程序
关键属性
X509v3密钥用法:10
-----开始私钥-----
....
...
-----开始私钥-----
要创建根证书和中间CA证书,请按照上面的操作导出PKCS#12(.pfx)文件:
$InterCA = New-SelfSignedCertificate -Subject 'CN=KeyInterCARootCN,O=Test Organisation, OU=Test InterCA,C=AU' -Signer $RootCA -KeyLength 2048 -HashAlgorithm 'SHA256' -KeyExportPolicy Exportable -KeyUsage KeyEncipherment,DataEncipherment,CertSign,DigitalSignature,CRLSign -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -NotAfter (Get-Date).AddYears(35) -KeyUsageProperty Sign -TextExtension @(“2.5.29.19 = {critical} {text}ca=1&pathlength=0”) -CertStoreLocation Cert:\LocalMachine\My
$InterCAthumbprint = $InterCA.Thumbprint
$CertInterCAPassword = ConvertTo-SecureString -String “Test123” -Force –AsPlainText
$CertInterCAFilePFX = Export-PfxCertificate -Cert cert:\LocalMachine\My\$InterCAthumbprint -FilePath C:\Users\KeyInterCARoot.pfx -Password $CertInterCAPassword
$CertInterCAFileCER = Export-Certificate -Cert $InterCA -FilePath C:\Users\KeyInterCARoot.cer
$CertInterCAFileCER
Import-Certificate -FilePath C:\Users\KeyInterCARoot.cer -CertStoreLocation Cert:\LocalMachine\CA
$RootCAthumbprint = $RootCA.Thumbprint
$CertRootCAPassword = ConvertTo-SecureString -String 'Test123' -Force -AsPlainText
$CertRootCAFilePFX = Export-PfxCertificate -Cert "Cert:\LocalMachine\My\$RootCAthumbprint" -FilePath .\KeyCARoot.pfx -Password $CertRootCAPassword
$CertRootCAFileCER = Export-Certificate -Cert $RootCA -FilePath .\KeyCARoot.cer
$CertRootCAFileCER
$CertRootCAPath = '.\KeyCARoot.cer'
Import-Certificate -FilePath .\KeyCARoot.cer -CertStoreLocation Cert:\LocalMachine\Root
…然后使用OpenSSL提取未加密的RSA私钥,如下所示:
& "C:\Program Files\OpenSSL\1.1.1h\bin\openssl.exe" pkcs12 -nocerts -nodes -in .\KeyCARoot.pfx -out .\KeyCARoot.key -passin pass:Test123
提取未加密的RSA私钥后,您可以调用OpenSSL RSA以获取模数:
& "C:\Program Files\OpenSSL\1.1.1h\bin\openssl.exe" rsa -modulus -noout -in .\KeyCARoot.key
…无错误,且包含行李属性 QA1KeyCARoot.key文件应该来自哪里?很抱歉,我的帖子中有一个输入错误。实际上是KeyCARoot.key。我会修好我的帖子。我假设$CertRootCAFilePFX=导出PfxCertificate-Cert-Cert:\LocalMachine\My$RootCAthumbprint-FilePath C:\Users\KeyCARoot.pfx-密码$CertRootCAPassword。。。。。创建包含证书和私钥的pfx。然后,我可以使用opensslpkcs12命令导出私钥。不幸的是,它使我无法加载私钥错误导出
.key
文件时,请尝试指定OpenSSL-keyex
选项。如果这没有帮助,请说明您正在使用的OpenSSL和PowerShell版本,以及您的操作系统平台。感谢您的回复。1) 我尝试了openssl pkcs12-in-nocerts-nodes-pass:Test321-keyex | sed-ne/-开始私钥-/,/-结束私钥-/p“>-它不起作用2)版本:Windows 10(VM)5.1.19041.610 openssl 1.1.1h 2020年9月22日3)我注意到sed之后,我在记事本++中检查,编码是UCS-2 LE BOM,这看起来不太正确吗?