
Renewing a certificate remotely using CertEnroll

Stack Overflow user
Asked on 2014-12-08 11:52:37
Answers: 1 · Views: 4.6K · Followers: 0 · Votes: 1

I am trying to renew a certificate in PowerShell using the CertEnroll and CertLib COM libraries. This is my code:

```powershell
[CmdletBinding()]
param(
    [Parameter(Mandatory=$true)]
    [string]$ServerName
)

$credential = Get-Credential

Invoke-Command -ComputerName $ServerName -Credential $credential -ScriptBlock {

    # Locate the certificate to renew in the CurrentUser store by issuer name
    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser
    $store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $location
    $store.Open(1)
    $cert = $store.Certificates.Find([System.Security.Cryptography.X509Certificates.X509FindType]::FindByIssuerName,"<CA-Name>",$false)[0]
    #Write-Output $cert.IssuerName
    $store.Close()
    $request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs7
    try {
        # Build a renewal request from the existing certificate (Base64 encoded)
        $request.InitializeFromCertificate(0x2,$true,[System.Convert]::ToBase64String($cert.RawData),0x1,3 -band 1024)

        $enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
        $enroll.InitializeFromRequest($request)

        $message = $enroll.CreateRequest(1)

        # Submit the request to the CA; the config string is "<CA-Server>\<CA-Name>"
        $certReq = New-Object -ComObject CertificateAuthority.Request
        $val = $certReq.Submit(0x1 -bor 0,$message,[string]::Empty,"<CA-Server>\" + $cert.Issuer.Split('=')[1])

        # Disposition 3 means the certificate was issued
        if ($val -eq 3)
        {
            Write-Host "Certificate request accepted"
        }
        $reqid = $certReq.GetRequestId()
        #$reqid=[System.Convert]::ToInt32($id)
        $objcertRequest = New-Object -ComObject CertificateAuthority.Request
        # Same "<CA-Server>\<CA-Name>" config string as in Submit (backslash was missing here)
        $pending = $objcertRequest.RetrievePending($reqid,"<CA-Server>\" + $cert.Issuer.Split('=')[1])
        if ($pending -eq 3)
        {
            # Fetch the issued certificate with its chain and install it
            $certificate = $objcertRequest.GetCertificate(0x1 -bor 0x100)
            $objEnroll = New-Object -ComObject X509Enrollment.CX509Enrollment
            $objEnroll.Initialize(1)
            $objEnroll.InstallResponse(4,$certificate,1,$null)
            Write-Host "Installed Successfully"
        }
        else
        {
            Write-Error 'error'
        }
    }
    catch
    {
        Write-Output $_.Exception.Message
        Write-Output $_.Exception.ItemName
    }
}
```

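I have supplied the correct values for the CA server and CA name. I am able to renew the certificate on the local machine, but when I try to renew a certificate on another computer I get an error. This is the error I am getting: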

```
Exception calling "InitializeFromCertificate" with "5" argument(s): "CertEnroll::CX509CertificateRequestPkcs7::InitializeFromCertificate: The operation being requested was not performed because the user has not been authenticated. 0x800704dc (WIN32: 1244)"
```

Can anyone tell me why I am getting an authentication error? I am providing the correct credentials.

1 Answer

Stack Overflow user

Accepted answer

Posted on 2014-12-08 12:39:09

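You are providing credentials to authenticate on the remote host, but those credentials are not used to authenticate against the CA server. You either have to:

  1. Make the remote computer trusted for delegation (not recommended)
  2. Use CredSSP to allow those credentials to be used to authenticate against the CA server. More details: Enable PowerShell "Second-Hop" Functionality with CredSSP

Votes: 1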
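
Option 2 from the accepted answer, sketched as an added example that is not part of the original question or answer: enable CredSSP for a single host, verify that the remote session can reach the CA, and remove the delegation afterwards. The `$CAConfig` parameter (the question's `<CA-Server>\<CA-Name>` string), the `certutil -ping` check and the cleanup step are assumptions of this example; it must be run from an elevated prompt.

```powershell
# Added example: run elevated on the admin workstation. $ServerName and
# $credential mirror the question's script; use the server's FQDN.
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true)]
    [string]$ServerName,

    # Assumption: CA config string in the question's "<CA-Server>\<CA-Name>" form
    [Parameter(Mandatory = $true)]
    [string]$CAConfig
)

$credential = Get-Credential

# Remote side: let WinRM accept delegated credentials (uses the default,
# non-CredSSP session, which is enough for this local change).
Invoke-Command -ComputerName $ServerName -Credential $credential -ScriptBlock {
    Enable-WSManCredSSP -Role Server -Force | Out-Null
}

# Client side: allow delegation to this one host only, never a wildcard.
Enable-WSManCredSSP -Role Client -DelegateComputer $ServerName -Force | Out-Null

try {
    Invoke-Command -ComputerName $ServerName -Credential $credential `
        -Authentication Credssp -ArgumentList $CAConfig -ScriptBlock {
        param($CAConfig)

        # Second-hop check: contact the CA from inside the remote session.
        certutil.exe -config $CAConfig -ping | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "CA '$CAConfig' not reachable from $env:COMPUTERNAME (exit $LASTEXITCODE)"
        }

        # The question's CertEnroll renewal code runs here unchanged.
        "Second hop to $CAConfig succeeded as $(whoami)"
    }
}
finally {
    # Remove the delegation again so credentials are not forwarded later.
    Disable-WSManCredSSP -Role Client
    Invoke-Command -ComputerName $ServerName -Credential $credential -ScriptBlock {
        Disable-WSManCredSSP -Role Server
    }
}
```

With CredSSP the remote host receives the full credential, so the delegation target is limited to the one server and both roles are disabled again in the `finally` block.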
Original page content provided by Stack Overflow.
Original link: https://stackoverflow.com/questions/27357404