问题
Can anyone point me in the right direction for managing read permissions for certificates from the command line? I'm scripting our certificate installation, and need to allow NetworkService to access 2 certificates in the "Local Computer\Personal\Certificates" store.
Thanks in advance
回答1:
I've done that to grant a our web application access to a private key of a cert that was installed in windows.
Here's a powershell script. It relies on FindPrivateKey.exe from Microsoft.
# Use FindPrivateKey.exe (From Windows SDK) to get the file name of the private key.
$s = cmd /c "FindPrivateKey.exe My LocalMachine -t `"9D1F685D554E5B04C591D7967FB0D151153A25D8`" -a"
# Grant read access on the private key
cmd /c "cacls.exe `"$s`" /E /G `"IIS_IUSRS`":R"
来源:https://stackoverflow.com/questions/7255747/set-read-permission-for-certificate-from-command-line