问题描述
我正在尝试使用New-SelfSignedCertificate cmdlet生成可导出的密钥,但不能。
这是我的代码:
$certFilePath = "C:\certs"
$certStoreLocation = "Cert:\LocalMachine\My"
$pwd = "p@ssw0rd"
$cert = New-SelfSignedCertificate `
-KeyFriendlyName "Development Cert" `
-KeyDescription "Development Cert" `
-KeyAlgorithm "RSA" `
-DnsName @("*.dev.local","localhost") `
-NotBefore (Get-Date).AddYears(-1) `
-NotAfter (Get-Date).AddYears(50) `
-KeyUsage CertSign,CRLSign,DataEncipherment,DigitalSignature,NonRepudiation `
-KeyUsageProperty All `
-KeyLength 2048 `
-KeyLocation $certFilePath `
-CertStoreLocation $certStoreLocation `
-KeyExportPolicy Exportable `
-KeyProtection None `
-Type Custom
$certThumb = $cert.Thumbprint
$certPath = "$certStoreLocation\$certThumb"
$cert | Export-PfxCertificate -FilePath "$certFilePath\$certThumb.pfx" -Password (ConvertTo-securestring -String $pwd -AsPlainText -Force)
Export-PfxCertificate : Cannot export non-exportable private key.
At line:24 char:9
+ $cert | Export-PfxCertificate -FilePath "$certFilePath\$certThumb.pfx ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Export-PfxCertificate],Win32Exception
+ FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.CertificateServices.Commands.ExportPfxCertificate
有什么想法吗?
解决方法
删除以下内容:
-KeyLocation $certFilePath `
...解决了问题。