以编程方式安装证书吊销列表(CRL) [英] Programmatically install Certificate Revocation List (CRL)

问题描述

我需要每周一次下载并安装约50个CRL，并将它们安装在多台Windows服务器上.下载是最简单的部分，有没有办法编写CRL导入过程的脚本?

I need to download and install about 50 CRLs once a week and install them on several Windows servers. Downloading is the easy part, is there a way I could script the CRL import process?

推荐答案

我不知道通过脚本执行此操作的方法. 你会写C代码吗?如果我了解您要做什么，您将使用 CryptUiWizImport 功能，以及 CRYPTUI_WIZ_IMPORT_SRC_INFO 结构.

I don't know a way to do it via script. Can you write C code? If I understand what you want to do, you will use the CryptUiWizImport function, and the CRYPTUI_WIZ_IMPORT_SRC_INFO structure.

这是安装证书的代码示例；相应的CRL导入是类似的.

Here's a sample of code that installs a Cert; the corresponding CRL import is similar.

附录:
这篇文章指出Win32 API(例如无法从PowerShell直接访问CryptUiWizImport)，然后描述了一种可能的解决方法:从PowerShell脚本内部，动态生成并编译执行P/Invoke任务的C#代码，然后运行生成的程序集.这将允许您严格地使用powershell脚本来执行CryptUiWizImport，尽管这将是一个非常奇特的脚本.

Addendum:
This post points out that Win32 APIs (such as CryptUiWizImport) are not directly accessible from PowerShell, and then describes a possible workaround: from within the PowerShell script, dynamically generate and compile C# code that does the P/Invoke stuff, and then run the resulting assembly. This would allow you to do the CryptUiWizImport strictly from a powershell script, although it would be a pretty exotic one.

这篇关于以编程方式安装证书吊销列表(CRL)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！