How to create and install X.509 self signed certificates in Windows 10 without user interaction?


Tag : powershell , By : user92243
Date : November 29 2020, 04:01 AM

I just tested your code with the signtool.exe coming from my Visual Studio 2017 installation and things seem to work.
So I would really like to see the code / command you use for signing the files. Even more I would like to see the real output from the error that you are seeing. Could you try your signing process manually / by hand at first, so we are sure that we are focusing on the correct issue?
All issuance policies
All application policies
-TextExtension @("2.5.29.37={text}1.3.6.1.4.1.311.10.12.1")
Subject Type = CA
-TextExtension @("2.5.29.19={text}CA=1&pathlength=3")
-TextExtension @("2.5.29.37={text}1.3.6.1.4.1.311.10.12.1", "2.5.29.19={text}CA=1&pathlength=3")
$rootCert = New-SelfSignedCertificate -KeyExportPolicy Exportable -CertStoreLocation cert:\CurrentUser\My -DnsName "Development Root CA" -NotAfter (Get-Date).AddYears(5) -TextExtension @("2.5.29.37={text}1.3.6.1.4.1.311.10.12.1", "2.5.29.19={text}CA=1&pathlength=3") -KeyusageProperty All -KeyUsage CertSign,CRLSign,DigitalSignature

# Export the root authority private key.
[System.Security.SecureString] $password = ConvertTo-SecureString -String "passwordx" -Force -AsPlainText
[String] $rootCertPath = Join-Path -Path cert:\CurrentUser\My\ -ChildPath "$($rootcert.Thumbprint)"
Export-PfxCertificate -Cert $rootCertPath -FilePath "MyCA.pfx" -Password $password
Export-Certificate -Cert $rootCertPath -FilePath "MyCA.crt"

# Create a "MySPC" certificate signed by our root authority.
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "MySPC" -Signer $rootCert -Type CodeSigningCert

# Save the signed certificate with private key into a PFX file and just the public key into a CRT file.
[String] $certPath = Join-Path -Path cert:\LocalMachine\My\ -ChildPath "$($cert.Thumbprint)"
Export-PfxCertificate -Cert $certPath -FilePath MySPC.pfx -Password $password
Export-Certificate -Cert $certPath -FilePath "MySPC.crt"

# Add MyCA certificate to the Trusted Root Certification Authorities.
$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.import("MyCA.pfx", $password, "Exportable,PersistKeySet")
$store = new-object System.Security.Cryptography.X509Certificates.X509Store(
    [System.Security.Cryptography.X509Certificates.StoreName]::Root,
    "localmachine"
)
$store.open("MaxAllowed")
$store.add($pfx)
$store.close()

# Import certificate.
Import-PfxCertificate -FilePath MySPC.pfx cert:\CurrentUser\My -Password $password
SignTool sign /n "MySPC" 2LCS.exe
$rootCert = New-SelfSignedCertificate -KeyExportPolicy Exportable -CertStoreLocation cert:\CurrentUser\My -DnsName "Development Root CA" -NotAfter (Get-Date).AddYears(5) -TextExtension @("2.5.29.19={text}CA=1&pathlength=3", "2.5.29.37={text}1.3.6.1.5.5.7.3.3") -KeyusageProperty All -KeyUsage CertSign,CRLSign,DigitalSignature #-Type CodeSigningCert

# Export the root authority private key.
[System.Security.SecureString] $password = ConvertTo-SecureString -String "passwordx" -Force -AsPlainText
[String] $rootCertPath = Join-Path -Path cert:\CurrentUser\My\ -ChildPath "$($rootcert.Thumbprint)"
Export-PfxCertificate -Cert $rootCertPath -FilePath "MyCA.pfx" -Password $password
Export-Certificate -Cert $rootCertPath -FilePath "MyCA.crt"

# Create a "MySPC" certificate signed by our root authority.
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "MySPC" -Signer $rootCert -Type CodeSigningCert

# Save the signed certificate with private key into a PFX file and just the public key into a CRT file.
[String] $certPath = Join-Path -Path cert:\LocalMachine\My\ -ChildPath "$($cert.Thumbprint)"
Export-PfxCertificate -Cert $certPath -FilePath MySPC.pfx -Password $password
Export-Certificate -Cert $certPath -FilePath "MySPC.crt"

# Add MyCA certificate to the Trusted Root Certification Authorities.
$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.import("MyCA.pfx", $password, "Exportable,PersistKeySet")
$store = new-object System.Security.Cryptography.X509Certificates.X509Store(
    [System.Security.Cryptography.X509Certificates.StoreName]::Root,
    "localmachine"
)
$store.open("MaxAllowed")
$store.add($pfx)
$store.close()

# Import certificate.
Import-PfxCertificate -FilePath MySPC.pfx cert:\CurrentUser\My -Password $password
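
The two scripts above differ in the EKU value given for OID 2.5.29.37 on the root certificate (1.3.6.1.4.1.311.10.12.1, any application policy, versus 1.3.6.1.5.5.7.3.3, code signing). The following is an added example, not part of the original answer, that reads those extensions back from the stores and checks the signing result. The subject names `CN=Development Root CA` and `CN=MySPC` are assumed to follow from the `-DnsName` values used above, and `Get-CertPolicySummary` is a hypothetical helper name.

```powershell
# Added example (not from the original answer). Assumed: the subject names
# "CN=Development Root CA" and "CN=MySPC" produced by the -DnsName values above.
function Get-CertPolicySummary {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert
    )
    # 2.5.29.37 = Enhanced Key Usage, 2.5.29.19 = Basic Constraints
    $eku = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $bc  = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }

    [pscustomobject]@{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        IsCA          = [bool]($bc -and $bc.CertificateAuthority)
        PathLength    = if ($bc -and $bc.HasPathLengthConstraint) { $bc.PathLengthConstraint } else { $null }
        EkuOids       = if ($eku) { ($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -join ', ' } else { '' }
        HasPrivateKey = $Cert.HasPrivateKey
    }
}

$names = 'CN=Development Root CA', 'CN=MySPC'

# Root and signing certificates as created and imported by the script.
Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My |
    Where-Object { $_.Subject -in $names } |
    ForEach-Object { Get-CertPolicySummary $_ } | Format-List

# The script adds the root to LocalMachine\Root from the PFX with PersistKeySet;
# check whether a private key is attached to the trusted root entry.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -eq $names[0] } |
    ForEach-Object { Get-CertPolicySummary $_ } | Format-List

# Signature status of the file signed with SignTool on this page.
Get-AuthenticodeSignature -FilePath .\2LCS.exe |
    Select-Object Status, StatusMessage,
        @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }
```

Trusting the root only requires its public certificate: the `MyCA.crt` file the script already exports can be added with `Import-Certificate -FilePath MyCA.crt -CertStoreLocation Cert:\LocalMachine\Root`, which keeps the CA private key out of the machine's trusted root store.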


Install certificates in to the Windows Local user certificate store in C#


Tag : chash , By : user98986
Date : March 29 2020, 07:55 AM
Turns out you first need to impersonate the user.
Using the very nice library described in A small C# Class for impersonating a User, you can do the following:
using (new Impersonator("username", "", "password"))
{
    try
    {
        X509Store serviceRuntimeUserCertificateStore = new X509Store(StoreName.My);
        string baseDir = AppDomain.CurrentDomain.BaseDirectory;
        string certPath = Path.Combine(baseDir, certificateFolder);

        string certificateFile = "c:\\file.cert";
        string certificatePassword = "somePassword";
        string certificateLocation = certPath + "\\" + certificateFile;

        InstallCertificate(certificateLocation, certificatePassword);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }
}

private static void InstallCertificate(string certificatePath, string certificatePassword)
{
    try
    {
        var serviceRuntimeUserCertificateStore = new X509Store(StoreName.My);
        serviceRuntimeUserCertificateStore.Open(OpenFlags.ReadWrite);

        X509Certificate2 cert;

        try
        {
            cert = new X509Certificate2(certificatePath, certificatePassword);
        }
        catch(Exception ex)
        {
            Console.WriteLine("Failed to load certificate " + certificatePath);
            throw new DataException("Certificate appeared to load successfully but also seems to be null.", ex);
        }

        serviceRuntimeUserCertificateStore.Add(cert);
        serviceRuntimeUserCertificateStore.Close();
    }
    catch(Exception)
    {
        Console.WriteLine("Failed to install {0}.  Check the certificate index entry and verify the certificate file exists.", certificatePath);
    }
}

How can I create a Windows Service which updates itself without user interaction


Tag : chash , By : n1ckless_id
Date : March 29 2020, 07:55 AM
Here is the solution I ended up with:
When installing the service, I gave the service user permission to start and stop the service. See my question on service permissions for more details.

Install python for windows with no user interaction


Tag : python , By : Mare Astra
Date : March 29 2020, 07:55 AM
Unpack the contents of Winpython, copy this folder to any Windows machine you like. You're done :-).
Concerning your 2nd question: Winpython is fully portable and comes with a GUI installer for 3rd-party Python packages. Install all you need ONLY ONCE and copy the Winpython folder afterwards to all Windows PCs.

Any way to use self signed certificates on the windows phone 7 emulator?


Tag : windows-phone-7 , By : Debashree
Date : March 29 2020, 07:55 AM

How to install self-signed certificates in iOS 11


Tag : ios , By : RichAA
Date : March 29 2020, 07:55 AM
If you are not seeing the certificate under General->About->Certificate Trust Settings, then you probably do not have the ROOT CA installed. Very important -- needs to be a ROOT CA, not an intermediary CA.
This is very easy to determine by using openssl:
$ openssl s_client -showcerts -connect myserver.com:443 </dev/null
    Certificate chain
     0 s:/C=US/ST=California/L=SAN FRANCISCO/O=mycompany.com, inc./OU=InfraSec/CN=myserver.com
       i:/C=US/O=mycompany.com, inc./CN=mycompany.com Internal CA 1A
    -----BEGIN CERTIFICATE-----
    ....encoded cert in PEM format....
    -----END CERTIFICATE-----
$ openssl x509 -in myfile.pem -out myfile.der -outform DER