从命令行设置证书的读取权限 [英] Set read permission for certificate from command line

问题描述

任何人都可以指向正确的方向来管理从命令行的证书的读取权限？我在编写我们的证书安装，并需要允许NetworkService在本地计算机\个人\证书存储中访问2个证书。

/ p>

解决方案

我这样做了，授予我们的Web应用程序访问在Windows中安装的证书的私钥。 / p>

这是一个PowerShell脚本。它依赖于来自Microsoft的 FindPrivateKey.exe 。

 ＃使用FindPrivateKey.exe（从Windows SDK）获取私钥的文件名。 
 $ s = cmd / cFindPrivateKey.exe我的LocalMachine -t`9D1F685D554E5B04C591D7967FB0D151153A25D8`-a
 
＃授予对私钥的读取权限
 cmd / c cacls.exe`$ s`/ E / G`IIS_IUSRS`：R
  

Can anyone point me in the right direction for managing read permissions for certificates from the command line? I'm scripting our certificate installation, and need to allow NetworkService to access 2 certificates in the "Local Computer\Personal\Certificates" store.

Thanks in advance

解决方案

I've done that to grant a our web application access to a private key of a cert that was installed in windows.

Here's a powershell script. It relies on FindPrivateKey.exe from Microsoft.

# Use FindPrivateKey.exe (From Windows SDK) to get the file name of the private key.
$s = cmd /c "FindPrivateKey.exe My LocalMachine -t   `"9D1F685D554E5B04C591D7967FB0D151153A25D8`" -a"

# Grant read access on the private key
cmd /c "cacls.exe `"$s`" /E /G `"IIS_IUSRS`":R"

这篇关于从命令行设置证书的读取权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！