私钥在哪里?
关于 makecert 命令的两个简单问题,
假设我使用以下命令:
makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
私钥会自动在证书管理器中的某个位置注册还是私钥将仅位于文件 root.pvk 中?
假设我使用以下命令:
makecert -r -pe -n "CN=XYZ Company" -ss my
执行此命令后,私钥存储在哪里(由于我没有指定 -pe 选项,因此私钥没有嵌入到证书中,但它在哪里)?
Two simple questions about makecert command,
Suppose I am using the following command:
makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
Will the private key automatically registered somewhere in certificate manager or the private key will just be in file root.pvk?
Suppose I am using the following command:
makecert -r -pe -n "CN=XYZ Company" -ss my
After executing this command, where is the private key stored (since I did not specify -pe option, the private key is not embedded in the certificate, but where it is) ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
即使没有 -pe(启用私钥导出),私钥仍应存储在您指定的证书存储中。 在您的示例中,该存储是 LocalMachine 物理存储和 TrustedRoot 逻辑存储。 您可以通过打开 mmc(开始 -> 运行 -> mmc)并添加证书管理单元并选择“计算机帐户”作为存储来进行检查。
更简单的测试是:
然后开始->运行->certmgr.msc(这将打开本地用户存储的证书管理器)并检查个人证书存储。 在那里你应该有一个名为 test 的证书,并附有私钥。
然后,您可以右键单击证书并将其导出到 .pfx 文件,以获得嵌入了证书和私钥的单个文件。
编辑:
-pe 选项代表可导出的私钥。 如果使用 -pe,您将可以选择使用私钥从 certmgr 导出密钥。 如果您不使用 -pe 那么您将无法选择导出私钥(我下面的评论应该说“不带 -pe”而不是“带 -pe”)。
Even without the -pe (enable private key export) the private key should still be stored in the certificate store you have specified. In your example that store is the LocalMachine physical store and the TrustedRoot logical store. You can check by opening up mmc (start->run->mmc) and adding the Certificates snap in and selecting "Computer Account" as the store.
An even simpler test is:
Then start->run->certmgr.msc (which opens the certificate manager for the local user store) and check the Personal certificate store. In there you should have a certificate called test with a private key attached.
You can then right click the certificate and export it to a .pfx file to get a single file that has the certifcate AND the private key embedded.
Edit:
The -pe option stands for private key exportable. If -pe is used you will have the option of exporting the key from certmgr with the private key. If you don't use -pe then you will not get the option of exporting the private key (my comment below should say "without -pe" not "with -pe").