Set read permission for certificate from command line
Can anyone point me in the right direction for managing read permissions for certificates from the command line? I'm scripting our certificate installation, and need to allow NetworkService to access 2 certificates in the "Local Computer\Personal\Certificates" store.

Thanks in advance

Jovitta answered 31/8, 2011 at 10:36 Comment(0)
I've done that to grant our web application access to the private key of a cert that was installed in Windows.

Here's a PowerShell script. It relies on FindPrivateKey.exe from Microsoft.

# Use FindPrivateKey.exe (from the Windows SDK) to get the file name of the private key.
# My = the Personal store, LocalMachine = the computer store, -t = the certificate's SHA-1 thumbprint.
$s = cmd /c "FindPrivateKey.exe My LocalMachine -t   `"9D1F685D554E5B04C591D7967FB0D151153A25D8`" -a"

# Grant read access on the private key file (R = read only; the app should not be able to replace the key).
# cacls.exe is deprecated on newer Windows versions; icacls.exe takes the same idea with different switches.
cmd /c "cacls.exe `"$s`" /E /G `"IIS_IUSRS`":R"
Diseuse answered 31/8, 2011 at 22:22 Comment(7)
I think I got FindPrivateKey.exe from Windows Communication Foundation (WCF) Samples @ microsoft.com/download/en/…. (Diseuse)

Thanks, I've got FindPrivateKey.exe - I'll try it out! (Jovitta)

I'm putting this in a batch script and for some odd reason, findprivatekey.exe doesn't find the specified certificate when run from the batch file, but works perfectly from the command line!? (Jovitta)

Are you running the batch script under the same user account as when you run from the command line? If you used my example, it's PowerShell. In that case is it a .ps1 file? (Diseuse)

Yeah, using the exact same console to invoke the findprivatekey.exe method. When invoked from inside the batch file, it returns no certificate path - when directly in the console, it finds it perfectly. Strange... (Jovitta)

Works for me from DOS and PowerShell. Are you sure you got the quotes correct? The example above assumes you're in PowerShell. For DOS, the quotes are a little different. I created a .bat file as follows:

echo find from dos shell
FindPrivateKey.exe My LocalMachine -t "9D1F685D554E5B04C591D7967FB0D151153A25D8" -a
echo find from powershell
powershell -command ./find-privatekey.ps1
pause

(Diseuse)

Ahh, I'm fetching the key by its name and unfortunately there are localized characters in the string. So it was a basic UTF-8 error. Thanks for helping out! (Jovitta)
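The same grant done with only built-in PowerShell, as an added example that is not part of the original answer: it locates each private key file from the certificate object instead of FindPrivateKey.exe and gives NetworkService read access to two certificates in LocalMachine\My, which is what the question asks for. It assumes Windows PowerShell 5.1 run from an elevated prompt, RSA keys in the machine key store, and placeholder thumbprints that you replace with your own.

```powershell
# Added example, not from the original answer. Assumes Windows PowerShell 5.1, elevated,
# RSA private keys in the machine store; thumbprints below are placeholders.
$Thumbprints = @('<THUMBPRINT-1>', '<THUMBPRINT-2>')   # placeholders, replace with real values
$Principal   = 'NT AUTHORITY\NETWORK SERVICE'

function Get-PrivateKeyFile {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert.HasPrivateKey) { throw "Certificate $($Cert.Thumbprint) has no private key" }
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        # CNG (KSP) machine keys are files under ...\Crypto\Keys named by the key's unique name
        return Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
    }
    # Legacy CSP machine keys are files under ...\Crypto\RSA\MachineKeys
    $container = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    return Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
}

function Grant-PrivateKeyRead {
    param([string]$Thumbprint, [string]$Identity)
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My" }
    $keyFile = Get-PrivateKeyFile -Cert $cert
    $acl = Get-Acl -Path $keyFile
    # Read only: the service must be able to use the key, not replace or delete it
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    # Verify that the grant actually landed on the key file before moving on
    $granted = (Get-Acl -Path $keyFile).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity -and $_.FileSystemRights -match 'Read' }
    if (-not $granted) { throw "Grant to $Identity on $keyFile did not take effect" }
    "{0}: {1} -> Read for {2}" -f $Thumbprint, $keyFile, $Identity
}

foreach ($t in $Thumbprints) { Grant-PrivateKeyRead -Thumbprint $t -Identity $Principal }
```

If a certificate uses an ECDSA key or a hardware provider, Get-PrivateKeyFile throws or finds no file; those keys are not files on disk and need provider-specific permissioning instead.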
