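I tested the following PowerShell command: Get-ChildItem -Path Cert:\localMachine\My | Test-Certificate -Policy SSL -DNSName "dns=mydns.com"

But it showed me the following three results, and I did not really understand what they mean: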

WARNING: Chain status:
CERT_TRUST_IS_UNTRUSTED_ROOT
Test-Certificate : A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT)
At line:1 char:45
+ ... achine\My | Test-Certificate -Policy SSL -DNSName "mydns.com ...
    + CategoryInfo          : NotSpecified: (:Certificate) [Test-Certificate], Exception
    + FullyQualifiedErrorId : CryptographicError,Microsoft.CertificateServices.Commands.TestCertificate

False

WARNING: Chain status:
CERT_TRUST_IS_NOT_TIME_VALID
CERT_TRUST_IS_UNTRUSTED_ROOT
Test-Certificate : A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT)
At line:1 char:45
+ ... achine\My | Test-Certificate -Policy SSL -DNSName "mydns.com ...
    + CategoryInfo          : NotSpecified: (:Certificate) [Test-Certificate], Exception
    + FullyQualifiedErrorId : CryptographicError,Microsoft.CertificateServices.Commands.TestCertificate

False

WARNING: Chain status:
CERT_TRUST_IS_NOT_TIME_VALID
Test-Certificate : A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495 CERT_E_EXPIRED)
At line:1 char:45
+ ... achine\My | Test-Certificate -Policy SSL -DNSName "mydns.com ...
    + CategoryInfo          : NotSpecified: (:Certificate) [Test-Certificate], Exception
    + FullyQualifiedErrorId : CryptographicError,Microsoft.CertificateServices.Commands.TestCertificate

False

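Please refer to the following approach:

Certificates are all about validity and chains.

First, a trusted root certificate (for example, VeriSign) is installed on your machine.

Certificates issued from that root certificate (for example, by a 3rd-party certificate provider) can then be trusted. A new certificate can then be trusted based on the next certificate, and so on. For example: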

Root Certificate -> 3rd Party Certificate -> mydns.com 

The first error message:

CERT_TRUST_IS_UNTRUSTED_ROOT

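means that your computer does not have the root certificate installed in the trusted publishers location. This means your computer will not implicitly trust the certificate.

The second error message: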

CERT_TRUST_IS_NOT_TIME_VALID

usually means the certificate has expired. That is, most certificates are only valid for one year.
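
To see which certificate in each chain produces the two statuses above, the following added example (not part of the original question or answer) builds the chain for every certificate in Cert:\LocalMachine\My and lists each chain element with its validity period and whether it is present in the Trusted Root Certification Authorities store. It assumes Windows with the PowerShell certificate provider; it only reads the stores and skips revocation checks so it runs offline.

```powershell
# Added example (read-only): nothing is written to any certificate store.
$now = Get-Date
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $leaf  = $_
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip CRL/OCSP lookups so the run works offline and reports only
    # trust-anchor and validity-period problems.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($leaf)

    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        # Per-element flags, e.g. UntrustedRoot or NotTimeValid
        $status = @($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        if (-not $status) { $status = 'NoError' }
        # The chain engine accepts roots from both the machine and the user store.
        $inRoot = (Test-Path "Cert:\LocalMachine\Root\$($c.Thumbprint)") -or
                  (Test-Path "Cert:\CurrentUser\Root\$($c.Thumbprint)")
        [pscustomobject]@{
            Leaf        = $leaf.Thumbprint
            ChainOk     = $chainOk
            Subject     = $c.Subject
            NotBefore   = $c.NotBefore
            NotAfter    = $c.NotAfter
            InValidity  = ($now -ge $c.NotBefore) -and ($now -le $c.NotAfter)
            SelfSigned  = $c.Subject -eq $c.Issuer
            InRootStore = $inRoot
            Status      = $status
        }
    }
    $chain.Reset()
} | Format-Table -AutoSize -Wrap
```

A row with SelfSigned = True and InRootStore = False corresponds to CERT_TRUST_IS_UNTRUSTED_ROOT; a row with InValidity = False corresponds to CERT_TRUST_IS_NOT_TIME_VALID.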

