How to Use PowerShell on Win8.1 and Win2012 to Quickly Generate, Install, and Export a Self-Signed Certificate


 

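Self-signed certificates have many uses: testing, development, and local or cloud websites (such as Microsoft Azure Web Site) all rely on them. This article describes a way to use PowerShell on Win8.1 and Win2012 R2 to quickly generate a self-signed certificate, automatically export the private key, and automatically install the certificate under LocalMachine\My and LocalMachine\Root. It is very easy to use. [Download link for the complete script: CodePlex or GitHub]

The existing ways to create a self-signed certificate include MakeCert and CertMgr, SelfSSL or SelfSSL7, the built-in feature of IIS 7/8, or fairly complex PowerShell scripts. These methods require remembering complicated parameters for several command lines, or manual UI steps, or a fairly deep understanding of the details of certificate generation. The script approach here uses the PowerShell PKI cmdlets that ship with the newer systems. You only need to supply the basics: the certificate Subject, the password that protects the private key, and the path to export the private key to: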

GenerateSelfSignedCert www.mytest.com MyTestPassword c:\temp\mytest.pfx

The function is defined as follows:

<#
.DESCRIPTION
SelfSignedCertificate AutoScript
.NOTES
Author: Freist Li
Last Updated: 10/30/2014
#>

# Cert Generation Related Functions
#********************************************************************************************************************
# Create Cert, install Cert to My, install Cert to Root, Export Cert as pfx
Function GenerateSelfSignedCert {
    Param (
        $certcn,
        $password,
        $certfilepath
    )

    # Check if the certificate name was used before.
    # Exact subject comparison: with -match the dots in the name would act as regex wildcards.
    $thumbprintA = (dir cert:\localmachine\My -recurse | where {$_.Subject -eq "CN=$certcn"} | Select-Object -Last 1).thumbprint
    if ($thumbprintA.Length -gt 0)
    {
        Write-Host "Duplicated Cert Name used" -ForegroundColor Cyan
        return
    }
    else
    {
        # Create the certificate and its key pair in LocalMachine\My and keep the thumbprint
        $thumbprintA = New-SelfSignedCertificate -DnsName $certcn -CertStoreLocation cert:\LocalMachine\My | ForEach-Object { $_.Thumbprint }
    }

    # If generated successfully
    if ($thumbprintA.Length -gt 0)
    {
        # Query the newly installed certificate again
        $thumbprintB = (dir cert:\localmachine\My -recurse | where {$_.Subject -eq "CN=$certcn"} | Select-Object -Last 1).thumbprint

        # If the new cert was installed successfully with the same thumbprint
        if ($thumbprintA -eq $thumbprintB)
        {
            $message = $certcn + " installed into LocalMachine\My successfully with thumbprint " + $thumbprintA
            Write-Host $message -ForegroundColor Cyan

            # The password arrives as plain text and is converted for the PKI cmdlets
            $mypwd = ConvertTo-SecureString -String $password -Force -AsPlainText

            Write-Host "Exporting Certificate as .pfx file" -ForegroundColor Cyan
            Export-PfxCertificate -FilePath $certfilepath -Cert cert:\localmachine\My\$thumbprintA -Password $mypwd

            # Note: importing the .pfx (rather than a public-only .cer) means the
            # Root store entry is imported together with the private key.
            Write-Host "Importing Certificate to LocalMachine\Root" -ForegroundColor Cyan
            Import-PfxCertificate -FilePath $certfilepath -Password $mypwd -CertStoreLocation cert:\LocalMachine\Root
        }
        else
        {
            Write-Host "Thumbprint is not the same between new cert and installed cert." -ForegroundColor Cyan
        }
    }
    else
    {
        $message = $certcn + " is not created"
        Write-Host $message -ForegroundColor Cyan
    }
}

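After the certificate has been generated and installed successfully, the PowerShell output is:

[Image: clip_image002]

The certificate can be seen in the Certificate Manager console:

[Image: clip_image004]

The generated .pfx file can easily be placed on a web server or used in the Microsoft Azure cloud:

[Image: clip_image006]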
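An added example (not part of the original script or its download): a variant of the procedure above that takes the .pfx password as a SecureString and trusts the certificate by importing only its public part (.cer) into LocalMachine\Root, then reports whether each store copy holds a private key. The function names New-TrustedTestCert and Remove-TrustedTestCert and their parameters are hypothetical; run it from an elevated PowerShell.

```powershell
# Added example; function and parameter names are hypothetical, not from the original script.
Function New-TrustedTestCert {
    Param (
        [Parameter(Mandatory=$true)][string]$DnsName,
        [Parameter(Mandatory=$true)][System.Security.SecureString]$PfxPassword,
        [Parameter(Mandatory=$true)][string]$PfxPath
    )
    $ErrorActionPreference = 'Stop'   # abort on the first failing cmdlet

    # Create the key pair and certificate in LocalMachine\My
    $cert = New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation Cert:\LocalMachine\My

    # Certificate plus private key go only into the password-protected .pfx
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $PfxPassword | Out-Null

    # Only the public certificate (.cer) is imported into the trusted roots
    $cerPath = [System.IO.Path]::ChangeExtension($PfxPath, '.cer')
    Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
    Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

    # Read both store entries back by thumbprint and report what each one holds
    $inMy   = Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)"
    $inRoot = Get-Item "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
    [pscustomobject]@{
        Thumbprint        = $cert.Thumbprint
        NotAfter          = $cert.NotAfter
        PrivateKeyInMy    = $inMy.HasPrivateKey
        PrivateKeyInRoot  = $inRoot.HasPrivateKey
        PfxPath           = $PfxPath
        CerPath           = $cerPath
    }
}

# Remove the test certificate again once it is no longer needed
Function Remove-TrustedTestCert {
    Param ([Parameter(Mandatory=$true)][string]$Thumbprint)
    $rootPath = "Cert:\LocalMachine\Root\$Thumbprint"
    $myPath   = "Cert:\LocalMachine\My\$Thumbprint"
    if (Test-Path $rootPath) { Remove-Item $rootPath }
    # -DeleteKey also deletes the private key that belongs to the My store entry
    if (Test-Path $myPath)   { Remove-Item $myPath -DeleteKey }
}

# Usage with the sample values from this article:
# $pw = Read-Host -AsSecureString 'PFX password'
# $r  = New-TrustedTestCert -DnsName www.mytest.com -PfxPassword $pw -PfxPath c:\temp\mytest.pfx
# Remove-TrustedTestCert -Thumbprint $r.Thumbprint
```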

 

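Update:

Building on the GenerateSelfSignedCert function above, I went a step further and used PowerShell directly to add a UI and automatic script generation. When you use it, a friendly Form window pops up and generates the code you want. You can run the code right away or copy it to another machine to execute (because certificates are being installed, PowerShell or PowerShell ISE must be opened with administrator privileges):

[Image]

The complete script can be downloaded from CodePlex or GitHub.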

