我测试了以下 PowerShell 命令 Get-ChildItem -Path Cert:\localMachine\My |测试证书-Policy SSL -DNSName "dns=mydns.com"
但它向我显示了以下三个结果,但我并没有真正理解它们的含义:
WARNING: Chain status:
CERT_TRUST_IS_UNTRUSTED_ROOT Test-Certificate : A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT)
At line:1 char:45
- ... achine\My | Test-Certificate -Policy SSL -DNSName "mydns.com ...
+ CategoryInfo : NotSpecified: (:Certificate) [Test-Certificate], Exception + FullyQualifiedErrorId : CryptographicError,Microsoft.CertificateServices.Commands.TestCertificate
False
WARNING: Chain status:
CERT_TRUST_IS_NOT_TIME_VALID
CERT_TRUST_IS_UNTRUSTED_ROOT
Test-Certificate : A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT)
At line:1 char:45
- ... achine\My | Test-Certificate -Policy SSL -DNSName "mydns.com ...
+ CategoryInfo : NotSpecified: (:Certificate) [Test-Certificate], Exception + FullyQualifiedErrorId : CryptographicError,Microsoft.CertificateServices.Commands.TestCertificate
False
WARNING: Chain status: CERT_TRUST_IS_NOT_TIME_VALID Test-Certificate : A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495 CERT_E_EXPIRED)
At line:1 char:45
- ... achine\My | Test-Certificate -Policy SSL -DNSName "mydns.com ...
+ CategoryInfo : NotSpecified: (:Certificate) [Test-Certificate], Exception + FullyQualifiedErrorId : CryptographicError,Microsoft.CertificateServices.Commands.TestCertificate
False
请您参考如下方法:
证书都是关于有效性和链的。
首先,您的机器上安装了受信任的根证书(例如 VeriSign)。
然后可以信任来自该根证书的证书(例如,第 3 方证书提供商)。然后可以根据下一个证书来信任新证书,依此类推。例如
Root Certificate -> 3rd Party Certificate -> mydns.com
第一条错误信息:
CERT_TRUST_IS_UNTRUSTED_ROOT
表示您的计算机没有将根证书安装到可信发布者的位置。这意味着您的计算机不会隐含地信任该证书。
第二条错误信息:
CERT_TRUST_IS_NOT_TIME_VALID
通常表示证书已过期。即大多数证书的有效期仅为一年。