Dump Windows Cert Authorities: Difference between revisions

From AD7ZJ Wiki
Jump to navigation Jump to search
(Created page with "Based on this article: https://blogs.technet.microsoft.com/parallel_universe_-_ms_tech_blog/2015/10/22/export-all-your-trusted-root-certificate-from-local-machine-store/ Usef...")
 
No edit summary
 
Line 18: Line 18:
</nowiki>
</nowiki>


Then, you need to convert each cert from x509 binary format to the base-64 format expected by linux:
Copy them into the linux VM. Then, you need to convert each cert from x509 binary format to the base-64 format expected by linux:


  <nowiki>
  <nowiki>

Latest revision as of 21:58, 14 February 2018

Based on this article: https://blogs.technet.microsoft.com/parallel_universe_-_ms_tech_blog/2015/10/22/export-all-your-trusted-root-certificate-from-local-machine-store/

Useful if you need to get a VM working in an environment where a firewall is MITM sniffing all https traffic.

Open powershell on the windows box and run these commands to dump all the cert authorities:

$type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert

$certs = get-childitem -path cert:\LocalMachine\CA

foreach($cert in $certs)
{
    $hash = $cert.GetCertHashString()
    $path = "c:\temp\" + $hash + ".der"
     [System.IO.File]::WriteAllBytes($path, $cert.export($type) ) 
}

Copy them into the linux VM. Then, you need to convert each cert from x509 binary format to the base-64 format expected by linux:

openssl x509 -inform der -in certificate.der -out certificate.crt

Copy certs into /usr/share/ca-certificates and run dpkg-reconfigure ca-certificates to install them in the system.