通过编程安装证书吊销列表(CRL)
我需要下载和安装约50的CRL每星期一次,并在多个Windows服务器上安装它们。下载是比较容易的部分,有没有办法我可以脚本CRL导入过程?
I need to download and install about 50 CRLs once a week and install them on several Windows servers. Downloading is the easy part, is there a way I could script the CRL import process?
我不知道的方式通过脚本来做到这一点。
你可以写C code吗?如果我理解你想要做什么,你会使用 CryptUiWizImport 功能和 CRYPTUI_WIZ_IMPORT_SRC_INFO 结构。
I don't know a way to do it via script. Can you write C code? If I understand what you want to do, you will use the CryptUiWizImport function, and the CRYPTUI_WIZ_IMPORT_SRC_INFO structure.
下面是一个 code能安装证书的样本;相应的CRL进口是相似的。
Here's a sample of code that installs a Cert; the corresponding CRL import is similar.
附录:
这个帖子指出的Win32 API(如CryptUiWizImport )不能直接访问从PowerShell中,然后描述了一个可能的解决方法:从PowerShell脚本中,动态生成和编译C#code,做的的P / Invoke东西,然后运行生成的装配。这将允许您从PowerShell脚本做CryptUiWizImport严格,虽然这将是一个pretty异国之一。
Addendum:
This post points out that Win32 APIs (such as CryptUiWizImport) are not directly accessible from PowerShell, and then describes a possible workaround: from within the PowerShell script, dynamically generate and compile C# code that does the P/Invoke stuff, and then run the resulting assembly. This would allow you to do the CryptUiWizImport strictly from a powershell script, although it would be a pretty exotic one.