【问题标题】:Import certificate to TrustedPublisher from driver for silent driver installation从驱动程序导入证书到 TrustedPublisher 以进行静默驱动程序安装
【发布时间】:2017-01-09 00:43:45
【问题描述】:

我想安装 Balloon 驱动程序以在 KVM 中运行我的 Windows 而无需用户进行任何交互(静默安装)。

我正在使用 powershell 将证书从驱动程序中提取到某个临时文件,然后使用 certutil.exe 将其导入到 TrustedPublisher:

$cert = (Get-AuthenticodeSignature "D:\Balloon\2k12R2\amd64\blnsvr.exe").SignerCertificate; [System.IO.File]::WriteAllBytes("c:\redhat.cer", $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert));

certutil.exe -f -addstore "TrustedPublisher" c:\redhat.cer

然后我可以通过确认安装驱动程序而无需打扰用户:

pnputil -i -a "d:\Balloon\2k12R2\amd64\*.inf"

如何改进此任务以在 powershell 中完成所有任务 - 无需将证书提取到临时文件并使用 certutil.exe 导入它?

【问题讨论】:

    标签: powershell installation certificate driver silent


    【解决方案1】:

    我从所有 virtio 驱动程序的 .cat 文件中获取签名并将其直接导入到商店:

    $DriverPath = Get-Item "D:\tmp\virtio-win-0.1.173\*\2k12r2\amd64"
    
    $CertStore = Get-Item "cert:\LocalMachine\TrustedPublisher"
    $CertStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    
    Get-ChildItem -Recurse -Path $DriverPath -Filter "*.cat" | % {
        $Cert = (Get-AuthenticodeSignature $_.FullName).SignerCertificate
    
        Write-Host ( "Added {0}, {1} from {2}" -f $Cert.Thumbprint,$Cert.Subject,$_.FullName )
    
        $CertStore.Add($Cert)
    }
    
    $CertStore.Close()
    

    【讨论】:

      【解决方案2】:

      您可以将证书数据存储在变量中,并将其直接添加到所需的存储中。例如,使用您的路径/目标:

      $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
      $Cert.Import((((Get-AuthenticodeSignature "D:\Balloon\2k12R2\amd64\blnsvr.exe").SignerCertificate).Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)))
      $store = Get-Item "cert:\LocalMachine\TrustedPublisher"
      $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
      $store.Add($Cert)
      $store.Close()
      

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2013-06-30
        • 1970-01-01
        • 2010-12-07
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        相关资源
        最近更新 更多