Dump Windows Cert Authorities

From AD7ZJ Wiki
Revision as of 21:58, 14 February 2018 by Elijah (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Based on this article: https://blogs.technet.microsoft.com/parallel_universe_-_ms_tech_blog/2015/10/22/export-all-your-trusted-root-certificate-from-local-machine-store/

Useful if you need to get a VM working in an environment where a firewall is MITM sniffing all https traffic.

Open powershell on the windows box and run these commands to dump all the cert authorities: 

$type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert

$certs = get-childitem -path cert:\LocalMachine\CA

foreach($cert in $certs)
{
    $hash = $cert.GetCertHashString()
    $path = "c:\temp\" + $hash + ".der"
     [System.IO.File]::WriteAllBytes($path, $cert.export($type) ) 
}

Copy them into the linux VM. Then, you need to convert each cert from x509 binary format to the base-64 format expected by linux: 

openssl x509 -inform der -in certificate.der -out certificate.crt

Copy certs into /usr/share/ca-certificates and run dpkg-reconfigure ca-certificates to install them in the system.

Retrieved from "http://wiki.ad7zj.net/wiki/index.php?title=Dump_Windows_Cert_Authorities&oldid=357"