证书安装安全警告解决方法？ [英] Certificate Install Security Warning Workaround?

问题描述

我有尝试在CA（.der编码）证书安装到受信任的根证书颁发机构存储当前（我的）用户的一些C＃4.0的代码。我的小控制台应用程序运行默默对其他店，但此店一个GUI弹出来了：你即将从证书颁发机构安装证书... Windows无法验证证书实际上是从.....你要安装此证书？

I have some C# 4.0 code that attempts to install a CA (.der encoded) certificate into the "Trusted Root Certification Authorities" store for the current (My) user. My little console app runs silently against other stores, but for this store a GUI popup comes up "You are about to install a certificate from a certification authority... Windows cannot validate that the certificate is actually from..... Do you want to install this certificate?"

这消息框是一个问题，因为这个想法是自动部署与MSI的应用程序，并默默地得到正确的证书在正确的地方。有一个模式对话框会杀了自动化部署。

This messagebox is a problem because the idea is to automatically deploy the app with an MSI and silently get the right certs in the right place. Having a modal box will kill automated deployment.

这怎么安装，无需部署的最新消息框做？

How can this installation be done without a deployment-breaking messagebox?

推荐答案

这听起来不符合逻辑，但没有警告你不应该证书添加到当前用户的根证书存储，但本地机器的根来代替。你可以很容易验证

It can sound not logical, but to have no warning you should add the certificate not to the Root certificate store of the current user, but to the Root of the local machine instead. You can easy verify that

certmgr.exe -add -c t.cer -s -r currentUser root

生产安全警告，但

certmgr.exe -add -c t.cer -s -r localMachine root

不

所以，如果你想导入.NET证书则对应的代码可能是下面的左右

So if you want import a certificate in .NET then the corresponding code could be about following

using System;
using System.Security.Cryptography.X509Certificates;

namespace AddCertToRootStore {
    class Program {
        static void Main (string[] args) {
            X509Store store = new X509Store (StoreName.Root,
                                             StoreLocation.LocalMachine);
            store.Open (OpenFlags.ReadWrite);
            X509Certificate2Collection collection = new X509Certificate2Collection();
            X509Certificate2 cert = new X509Certificate2 (@"C:\Oleg\t.cer");
            byte[] encodedCert = cert.GetRawCertData();
            Console.WriteLine ("The certificate will be added to the Root...");
            store.Add (cert);
            Console.WriteLine("Verify, that the certificate are added successfully");
            Console.ReadKey ();
            Console.WriteLine ("The certificate will be removed from the Root");
            store.Remove (cert);
            store.Close ();
        }
    }
}

这篇关于证书安装安全警告解决方法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！