Question
I want to push out a cert w/ a private key password. I know it's not secure. A more secure way would be great. But I cannot figure out how to do it.
$test = ConvertTo-SecureString -String "plaintextpassword" -Force -AsPlainText
Import-PfxCertificate -FilePath $filelocale -CertStoreLocation Cert:\LocalMachine\My -Password $test
Getting: Import-PfxCertificate : The PFX file you are trying to import requires either a different password or membership in an Active Directory principal to which it is protected.
If I run the below, it works:
$test = Get-Credential -UserName 'enter pwd' -Message "Enter PWD"
Import-PfxCertificate -FilePath $filelocale -CertStoreLocation Cert:\LocalMachine\My -Password $test.Password
Answer 1:
Since using a credential object does the trick, just create the credential without using prompts:
$Pass = ConvertTo-SecureString -String 'plaintextpassword' -Force -AsPlainText
$User = "whatever"
$Cred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User, $Pass
Import-PfxCertificate -FilePath $filelocale -CertStoreLocation Cert:\LocalMachine\My -Password $Cred.Password
Note the single quotation marks I used to stop PowerShell from interpreting the input. This is especially important on any password with symbols. If using the credential object does not work when using double quotes around "plaintextpassword", it is likely the issue is simply that what you put in is not what you're actually getting in the final result.
If you want to check it yourself, you can use the following based on "Working with Passwords, Secure Strings and Credentials in Windows PowerShell." It is definitely worth a read.
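# Double quotes on purpose: PowerShell expands $_password as a variable here,
# so the value stored in the SecureString differs from the text typed.
$Pass = ConvertTo-SecureString -String "plaintext$_password" -Force -AsPlainText
$User = "whatever"
$Cred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User, $Pass
# Copy the SecureString into unmanaged memory and read it back as plain text
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Cred.Password)
$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
# Zero and free the unmanaged plaintext copy once it has been read
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
# Shows what was actually stored
$PlainPassword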
Pay special attention to the use of double quotes and the additional $_ that causes the problem. Color formatting might help you spot the issue earlier if you're using a recent PowerShell or other tool that has highlighting. You'll probably see what I mean.
Source: https://stackoverflow.com/questions/56452009/import-pfx-cert-w-password-deployment
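The following is an added example, not part of the original question or answer: a wrapper that checks the password against the PFX with Get-PfxData before Import-PfxCertificate touches the store, and takes the password from outside the script so quoting cannot alter it. The function name Import-PfxChecked, the environment variable PFX_PASSWORD and the sample file path are assumptions made for illustration.

```powershell
# Added example. Import-PfxChecked and PFX_PASSWORD are hypothetical names.
function Import-PfxChecked {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [Parameter(Mandatory)] [securestring] $Password,
        [string] $CertStoreLocation = 'Cert:\LocalMachine\My'
    )

    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        throw "PFX file not found: $FilePath"
    }

    try {
        # Get-PfxData decrypts the PFX with the password but installs nothing,
        # so a wrong password is caught before the store is touched.
        $pfx = Get-PfxData -FilePath $FilePath -Password $Password -ErrorAction Stop
    }
    catch {
        # Report only the length: enough to spot a value shortened by
        # variable expansion, without revealing the password itself.
        throw ("Password did not open '$FilePath' (received $($Password.Length) " +
               "characters). Original error: $($_.Exception.Message)")
    }

    foreach ($cert in $pfx.EndEntityCertificates) {
        Write-Verbose "PFX opened: $($cert.Subject) [$($cert.Thumbprint)]"
    }

    Import-PfxCertificate -FilePath $FilePath -CertStoreLocation $CertStoreLocation -Password $Password
}

# Assumption: the deployment tool injects the password as an environment
# variable, so the literal never appears in the script and is never parsed
# by PowerShell's string expansion.
if (-not $env:PFX_PASSWORD) { throw 'PFX_PASSWORD is not set' }
$secure = ConvertTo-SecureString -String $env:PFX_PASSWORD -AsPlainText -Force
Remove-Item Env:\PFX_PASSWORD   # drop the plaintext copy from this process

$filelocale = 'C:\deploy\example.pfx'   # constructed sample path
Import-PfxChecked -FilePath $filelocale -Password $secure -Verbose
```

If the reported length is shorter than the password you expect, the value was changed before it reached ConvertTo-SecureString, which is the double-quote expansion problem the answer describes.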