通过编程安装证书吊销列表（CRL） [英] Programatically install Certificate Revocation List (CRL)

问题描述

我需要下载和安装约50的CRL每星期一次，并在多个Windows服务器上安装它们。下载是比较容易的部分，有没有办法我可以脚本CRL导入过程？

I need to download and install about 50 CRLs once a week and install them on several Windows servers. Downloading is the easy part, is there a way I could script the CRL import process?

推荐答案

我不知道的方式通过脚本来做到这一点。
你可以写C code吗？如果我理解你想要做什么，你会使用 CryptUiWizImport 功能和 CRYPTUI_WIZ_IMPORT_SRC_INFO 结构。

I don't know a way to do it via script. Can you write C code? If I understand what you want to do, you will use the CryptUiWizImport function, and the CRYPTUI_WIZ_IMPORT_SRC_INFO structure.

下面是一个<一个href=\"http://blogs.msdn.com/alejacma/archive/2008/01/31/how-to-import-a-certificate-without-user-interaction-c-c.aspx\"相对=nofollow> code能安装证书的样本;相应的CRL进口是相似的。

Here's a sample of code that installs a Cert; the corresponding CRL import is similar.

附录：

这个帖子指出的Win32 API（如CryptUiWizImport ）不能直接访问从PowerShell中，然后描述了一个可能的解决方法：从PowerShell脚本中，动态生成和编译C＃code，做的的P / Invoke东西，然后运行生成的装配。这将允许您从PowerShell脚本做CryptUiWizImport严格，虽然这将是一个pretty异国之一。

Addendum:
This post points out that Win32 APIs (such as CryptUiWizImport) are not directly accessible from PowerShell, and then describes a possible workaround: from within the PowerShell script, dynamically generate and compile C# code that does the P/Invoke stuff, and then run the resulting assembly. This would allow you to do the CryptUiWizImport strictly from a powershell script, although it would be a pretty exotic one.

这篇关于通过编程安装证书吊销列表（CRL）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！