以编程方式安装证书吊销列表(CRL)
我需要每周一次下载并安装约50个CRL,并将它们安装在多台Windows服务器上.下载是最简单的部分,有没有办法编写CRL导入过程的脚本?
I need to download and install about 50 CRLs once a week and install them on several Windows servers. Downloading is the easy part, is there a way I could script the CRL import process?
我不知道通过脚本执行此操作的方法. 你会写C代码吗?如果我了解您要做什么,您将使用 CryptUiWizImport 功能,以及 CRYPTUI_WIZ_IMPORT_SRC_INFO 结构.
I don't know a way to do it via script. Can you write C code? If I understand what you want to do, you will use the CryptUiWizImport function, and the CRYPTUI_WIZ_IMPORT_SRC_INFO structure.
这是安装证书的代码示例;相应的CRL导入是类似的.
Here's a sample of code that installs a Cert; the corresponding CRL import is similar.
附录:
这篇文章指出Win32 API(例如无法从PowerShell直接访问CryptUiWizImport),然后描述了一种可能的解决方法:从PowerShell脚本内部,动态生成并编译执行P/Invoke任务的C#代码,然后运行生成的程序集.这将允许您严格地使用powershell脚本来执行CryptUiWizImport,尽管这将是一个非常奇特的脚本.
Addendum:
This post points out that Win32 APIs (such as CryptUiWizImport) are not directly accessible from PowerShell, and then describes a possible workaround: from within the PowerShell script, dynamically generate and compile C# code that does the P/Invoke stuff, and then run the resulting assembly. This would allow you to do the CryptUiWizImport strictly from a powershell script, although it would be a pretty exotic one.