从驱动程序将证书导入TrustedPublisher，以进行静默驱动程序安装 [英] Import certificate to TrustedPublisher from driver for silent driver installation

问题描述

我想安装Balloon驱动程序以便在KVM中运行Windows，而无需用户进行任何交互(静默安装).

I would like to install the Balloon driver for running my Windows in KVM without user any interaction (silent installation).

我正在使用Powershell将驱动程序中的证书提取到一些临时文件中，然后使用certutil.exe将其导入TrustedPublisher:

I'm using powershell to extract the certificate form the driver to some temporary file and then import it to TrustedPublisher using certutil.exe:

$cert = (Get-AuthenticodeSignature "D:\Balloon\2k12R2\amd64\blnsvr.exe").SignerCertificate; [System.IO.File]::WriteAllBytes("c:\redhat.cer", $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert));

certutil.exe -f -addstore "TrustedPublisher" c:\redhat.cer

然后，我可以安装驱动程序而无需通过确认来打扰用户:

Then I can install the driver without bothering the user by confirmation:

pnputil -i -a "d:\Balloon\2k12R2\amd64\*.inf"

如何改进此任务以在Powershell中完成所有任务-无需将证书提取到临时文件中并使用certutil.exe导入它?

How can I improve this task to do it all in powershell - without extracting the certificate to temporary file and using certutil.exe to import it?

推荐答案

您可以将证书数据存储在变量中，并将其直接添加到所需的存储中.例如，使用您的路径/目标:

You can store cert data in variable, and add it directly to desired store. For example, using your path/target:

$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$Cert.Import((((Get-AuthenticodeSignature "D:\Balloon\2k12R2\amd64\blnsvr.exe").SignerCertificate).Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)))
$store = Get-Item "cert:\LocalMachine\TrustedPublisher"
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($Cert)
$store.Close()

这篇关于从驱动程序将证书导入TrustedPublisher，以进行静默驱动程序安装的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！