无法使用Powershell生成自签名证书

Question

Windows 10、Windows PowerShell ISE

我正在尝试运行我在https://damienbod.com/2019/06/27/using-chained-certificates-for-certificate-authentication-in-asp-net-core-3-0/找到的示例

New-SelfSignedCertificate 
   -DnsName "root_ca_dev_test.com", "root_ca_dev_test.com"
   -CertStoreLocation "cert:\LocalMachine\My"
   -NotAfter (Get-Date).AddYears(20) 
   -FriendlyName "root_ca_dev_test.com"
   -KeyUsageProperty All 
   -KeyUsage CertSign, CRLSign, DigitalSignature

$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText

Get-ChildItem -Path cert:\localMachine\my\"The thumbprint..." | Export-PfxCertificate -FilePath C:\git\root_ca_dev_test.pfx -Password $mypwd

Export-Certificate -Cert cert:\localMachine\my\"The thumbprint..." -FilePath root_ca_dev_test.crt

我收到以下错误：

New-SelfSignedCertificate : Missing Subject information.  The CloneCert parameter, DnsName parameter or Subject Alternative Name 
extension must be specified
At U:\Development\Server-Side\Certificates\Generate Certificate - Example1.ps1:5 char:1
+ New-SelfSignedCertificate
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-SelfSignedCertificate], ParameterBindingException
    + FullyQualifiedErrorId : RuntimeException,Microsoft.CertificateServices.Commands.NewSelfSignedCertificateCommand

-DnsName : The term '-DnsName' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the 
spelling of the name, or if a path was included, verify that the path is correct and try again.
At U:\Development\Server-Side\Certificates\Generate Certificate - Example1.ps1:6 char:4
+    -DnsName "root_ca_dev_test.com", "root_ca_dev_test.com"
+    ~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (-DnsName:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

-CertStoreLocation : The term '-CertStoreLocation' is not recognized as the name of a cmdlet, function, script file, or operable 
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At U:\Development\Server-Side\Certificates\Generate Certificate - Example1.ps1:7 char:4
+    -CertStoreLocation "cert:\LocalMachine\My"
+    ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (-CertStoreLocation:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

-NotAfter : The term '-NotAfter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the 
spelling of the name, or if a path was included, verify that the path is correct and try again.
At U:\Development\Server-Side\Certificates\Generate Certificate - Example1.ps1:8 char:4
+    -NotAfter (Get-Date).AddYears(20)
+    ~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (-NotAfter:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

-FriendlyName : The term '-FriendlyName' is not recognized as the name of a cmdlet, function, script file, or operable program. Check 
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At U:\Development\Server-Side\Certificates\Generate Certificate - Example1.ps1:9 char:4
+    -FriendlyName "root_ca_dev_test.com"
+    ~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (-FriendlyName:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

-KeyUsageProperty : The term '-KeyUsageProperty' is not recognized as the name of a cmdlet, function, script file, or operable 
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At U:\Development\Server-Side\Certificates\Generate Certificate - Example1.ps1:10 char:4
+    -KeyUsageProperty All
+    ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (-KeyUsageProperty:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

-KeyUsage : The term '-KeyUsage' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the 
spelling of the name, or if a path was included, verify that the path is correct and try again.
At U:\Development\Server-Side\Certificates\Generate Certificate - Example1.ps1:11 char:4
+    -KeyUsage CertSign, CRLSign, DigitalSignature
+    ~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (-KeyUsage:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Get-ChildItem : Cannot find path '\localMachine\my\The thumbprint...' because it does not exist.
At U:\Development\Server-Side\Certificates\Generate Certificate - Example1.ps1:15 char:1
+ Get-ChildItem -Path cert:\localMachine\my\"The thumbprint..." | Expor ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (\localMachine\my\The thumbprint...:String) [Get-ChildItem], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

Export-PfxCertificate : Object reference not set to an instance of an object.
At U:\Development\Server-Side\Certificates\Generate Certificate - Example1.ps1:15 char:65
+ ... print..." | Export-PfxCertificate -FilePath C:\git\root_ca_dev_test.p ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Export-PfxCertificate], NullReferenceException
    + FullyQualifiedErrorId : System.NullReferenceException,Microsoft.CertificateServices.Commands.ExportPfxCertificate

Export-Certificate : Cannot bind parameter 'Cert' to the target. Exception setting "Cert": "Cannot find path 
'Cert:\localMachine\my\The thumbprint...' because it does not exist."
At U:\Development\Server-Side\Certificates\Generate Certificate - Example1.ps1:17 char:26
+ ... t-Certificate -Cert cert:\localMachine\my\"The thumbprint..." -FilePa ...
+                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (:) [Export-Certificate], ParameterBindingException
    + FullyQualifiedErrorId : ParameterBindingFailed,Microsoft.CertificateServices.Commands.ExportCertificateCommand

我安装了PKI模块，尽管我读到了I need the PKIClient模块。但是，我在网上找不到它。我是否需要这个模块，或者PKI模块就足够了？

谢谢

Answer 1

您必须使用以下命令：

New-SelfSignedCertificate `
   -DnsName "root_ca_dev_test.com", "root_ca_dev_test.com" `
   -CertStoreLocation "cert:\LocalMachine\My" `
   -NotAfter (Get-Date).AddYears(20) `
   -FriendlyName "root_ca_dev_test.com" `
   -KeyUsageProperty All `
   -KeyUsage CertSign, CRLSign, DigitalSignature 

$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText

Get-ChildItem -Path "cert:\localMachine\my\'The thumbprint...'" | Export-PfxCertificate -FilePath "C:\git\root_ca_dev_test.pfx" -Password $mypwd

Export-Certificate -Cert "cert:\localMachine\my\'The thumbprint...'" -FilePath root_ca_dev_t

参数应使用反引号继续。否则，powershell将无法识别它。