问题
I have some C# 4.0 code that attempts to install a CA (.der encoded) certificate into the "Trusted Root Certification Authorities" store for the current (My) user. My little console app runs silently against other stores, but for this store a GUI popup comes up "You are about to install a certificate from a certification authority... Windows cannot validate that the certificate is actually from..... Do you want to install this certificate?"
This messagebox is a problem because the idea is to automatically deploy the app with an MSI and silently get the right certs in the right place. Having a modal box will kill automated deployment.
How can this installation be done without a deployment-breaking messagebox?
回答1:
It can sound not logical, but to have no warning you should add the certificate not to the Root certificate store of the current user, but to the Root of the local machine instead. You can easy verify that
certmgr.exe -add -c t.cer -s -r currentUser root
produce the security warning, but
certmgr.exe -add -c t.cer -s -r localMachine root
not.
So if you want import a certificate in .NET then the corresponding code could be about following
using System;
using System.Security.Cryptography.X509Certificates;
namespace AddCertToRootStore {
class Program {
static void Main (string[] args) {
X509Store store = new X509Store (StoreName.Root,
StoreLocation.LocalMachine);
store.Open (OpenFlags.ReadWrite);
X509Certificate2Collection collection = new X509Certificate2Collection();
X509Certificate2 cert = new X509Certificate2 (@"C:\Oleg\t.cer");
byte[] encodedCert = cert.GetRawCertData();
Console.WriteLine ("The certificate will be added to the Root...");
store.Add (cert);
Console.WriteLine("Verify, that the certificate are added successfully");
Console.ReadKey ();
Console.WriteLine ("The certificate will be removed from the Root");
store.Remove (cert);
store.Close ();
}
}
}
来源:https://stackoverflow.com/questions/4196997/certificate-install-security-warning-workaround