我已经创建了一个机器证书。它出现在 Certificates (Local Computer)\Personal\Certificates 证书存储库文件夹中。现在我希望使用命令行实用程序提取其指纹。
不幸的是,我能找到的最接近的东西是this article。
我需要能够在从 XP 开始的任何 Windows 操作系统上执行此过程。
谢谢。
【问题讨论】:
标签: windows security certificate
旧的,但也许这会对某人有所帮助。将以下内容放入 powershell 脚本(.ps1)并运行它。它会将拇指打印到屏幕上。观看我的粘贴中的自动换行。
$computerName = $Env:Computername
$domainName = $Env:UserDnsDomain
write-host "CN=$computername.$domainname"
$getThumb = Get-ChildItem -path cert:\LocalMachine\My | where { $_.Subject -match "CN\=$Computername\.$DomainName" }
$getThumb.thumbprint
【讨论】:
直接从命令行获取未安装的 .cer 文件,并删除嵌入的空格(可能会改进):
certutil.exe <mycert>.cer | findstr /c:"Cert Hash(sha1)" | for /f "tokens=3-22" %f in ('more') do @echo %f%g%h%i%j%k%l%m%n%o%p%q%r%s%t%u%v%w%x%y
【讨论】:
直接从文件 .cer 中获取指纹
const certpath = "\\host\res\something.cer"
dim objStdOut
dim strLine, resString
set objStdOut = CreateObject("WScript.Shell").Exec("certutil " & certpath).StdOut
while not objStdOut.AtEndOfStream
strLine = objStdOut.ReadLine
if InStr(strLine, "(sha1)") > 0 then resString = trim(split(strLine, ":")(1))
wend
wscript.echo resString
【讨论】:
在我的情况下,我无法使用 PowerShell,所以我编写了这个脚本以使用 cscript.exe 运行,它会使用正则表达式让你大吃一惊。
If WScript.Arguments.Count() = 0 Then
WScript.Echo "Domain name to search for must be specified as first parameter."
WScript.Quit 1
End If
domain = WScript.Arguments.Item(0)
Set objShell = WScript.CreateObject ("WScript.shell")
' Get all certificate information in store.
Set objCert = objShell.Exec("certutil -store my")
certOutput = ""
Do While objCert.Status = 0
WScript.Sleep 10
Do While Not objCert.StdOut.AtEndOfStream
certOutput = certOutput & objCert.StdOut.ReadLine & vbNewLine
Loop
Loop
' Capture thumb for specified certificate using Regex.
Set thumbRegex = New RegExp
thumbRegex.Pattern = "Subject:\s+CN=" & domain & "\s*\n.*\n.*\nCert\sHash\(sha1\):\s+(.*)"
thumbRegex.IgnoreCase = True
thumbRegex.Global = False
' Verify match and trim out white space.
Set match = thumbRegex.Execute(certOutput)
result = ""
If match.Count > 0 Then
result = match.Item(0).Submatches(0)
result = Replace(result, " ", "")
WScript.Echo result
Else
WScript.Echo "The certificate for """ & domain & """ was not found."
WScript.Quit 2
End If
【讨论】:
电源外壳 获取子项证书:\LocalMachine\My
【讨论】:
这是一个简单的 python 脚本来执行此操作:
def getThumbPrint(cert, passwd):
val = ""
info = subprocess.Popen(["certutil", "-p", passwd, cert], shell=False, stdout=subprocess.PIPE)
for i in info.communicate()[0].split('\n'):
if i.startswith("Cert Hash(sha1):"):
val = i.split(':')[1].strip()
# There may be more than 1, we want the last one.
return val
【讨论】: