certutil导入证书

openssl命令生成签名证书链参考网址:点击打开

将p12证书导入usb-key中的完整方法:点击打开

certutil -addstore "Root" "c:\cacert.cer"

certutil -importpfx -p 123456 c:\somepfx.pfx

要将 CA 证书导入中间证书颁发机构存储,请运行以下命令:

certutil -addstore "CA" "c:\intermediate_cacert.cer"

注意:证书加入 "Root" 存储后,该 CA 签发的所有证书都会被本机信任,导入前应先核对证书指纹;-p 后面的密码以明文出现在命令行中,123456 仅为示例。

用 Windows Crypt API 将 p12 文件中的证书导入根证书存储区的示例代码如下。
注意:PFXImportCertStore 函数的结构体参数 CRYPT_DATA_BLOB 中,成员 cbData 和 pbData 应填 p12 文件内容的长度和内容本身,而不是 p12 文件名的长度和文件名。

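#include <windows.h>
#include <wincrypt.h>
#include <cryptuiapi.h>

#include <iostream>
#include <string>
#include <vector>

#pragma comment(lib, "Cryptui.lib")
#pragma comment(lib, "crypt32.lib")

/// @brief Adds the certificate(s) in a file to the machine's "root" store.
///
/// First tries CryptUIWizImport (up to three silent attempts), then runs
/// `certutil -addstore root "<file>"` and waits up to 6 seconds for it.
///
/// Everything placed in the root store becomes a trust anchor for the whole
/// machine, so callers should only pass files whose origin and thumbprint
/// they have verified.
///
/// @param cert_filename Path of the certificate file, with or without one
///                      pair of surrounding double quotes.
/// @return Non-zero when certutil was started and exited with code 0 within
///         the timeout; 0 otherwise (including an invalid file name).
int importRootCert(WCHAR* cert_filename) {
    if (cert_filename == NULL || cert_filename[0] == L'\0') {
        return 0;  // the original indexed [len - 1] even for an empty string
    }

    // Normalise to an unquoted path so the same value works both for the
    // API call and for the command line built below.
    std::wstring path(cert_filename);
    if (path.size() >= 2 && path.front() == L'"' && path.back() == L'"') {
        path = path.substr(1, path.size() - 2);
    }
    // The path is embedded in a quoted command-line argument. An embedded
    // quote, or a trailing backslash that would escape the closing quote,
    // would let the value change how the command line is split into arguments.
    if (path.empty() || path.find(L'"') != std::wstring::npos || path.back() == L'\\') {
        return 0;
    }

    CRYPTUI_WIZ_IMPORT_SRC_INFO importSrc = { 0 };
    importSrc.dwSize = sizeof(importSrc);
    importSrc.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_FILE;
    importSrc.pwszFileName = path.c_str();
    // NOTE(review): CRYPTUI_WIZ_IMPORT_TO_LOCALMACHINE is documented as a flag
    // for CryptUIWizImport's first argument, not for this structure member;
    // kept as in the original - confirm which store this call really targets.
    importSrc.dwFlags = CRYPT_EXPORTABLE | CRYPT_USER_PROTECTED | CRYPTUI_WIZ_IMPORT_TO_LOCALMACHINE;

    // Up to three silent attempts; the certutil step below runs regardless.
    for (int attempt = 0; attempt < 3; ++attempt) {
        if (CryptUIWizImport(CRYPTUI_WIZ_NO_UI, NULL, NULL, &importSrc, NULL)) {
            break;
        }
    }

    // Launch certutil by its full system path. A bare "certutil" is resolved
    // through the process search order (application directory, current
    // directory, ...), so a planted certutil.exe could run instead.
    WCHAR systemDir[MAX_PATH];
    const UINT dirLen = GetSystemDirectoryW(systemDir, MAX_PATH);
    if (dirLen == 0 || dirLen >= MAX_PATH) {
        return 0;
    }
    const std::wstring certutilPath = std::wstring(systemDir, dirLen) + L"\\certutil.exe";

    // std::wstring instead of a fixed WCHAR[1024] + wsprintfW: long paths are
    // no longer truncated. CreateProcessW needs a writable command-line buffer.
    std::wstring cmd = L"\"" + certutilPath + L"\" -addstore root \"" + path + L"\"";

    STARTUPINFOW si = { 0 };
    si.cb = sizeof(si);  // required by CreateProcessW; the original left it 0
    PROCESS_INFORMATION pi = { 0 };
    if (!CreateProcessW(certutilPath.c_str(), &cmd[0], NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) {
        return 0;
    }

    // Report whether certutil actually succeeded, not merely that it started.
    int result = 0;
    DWORD exitCode = 1;
    if (WaitForSingleObject(pi.hProcess, 6000) == WAIT_OBJECT_0 &&
        GetExitCodeProcess(pi.hProcess, &exitCode) && exitCode == 0) {
        result = 1;
    }
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    return result;
}

/// @brief Loads cym.p12, prints each certificate's subject, saves the store
///        to test_N.cer and adds that file to the root store.
/// @return 0 when at least one certificate was processed, 1 on failure.
int main() {
    const char* p12File = "cym.p12";
    // Sample password from the original listing; do not hard-code a real
    // PFX password in source.
    LPCWSTR pwszPassword = L"123456";

    HANDLE hf = CreateFileA(p12File, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hf == INVALID_HANDLE_VALUE) {
        std::cout << "Failed to open P12 file." << std::endl;
        return 1;
    }

    const DWORD filesize = GetFileSize(hf, NULL);
    if (filesize == INVALID_FILE_SIZE || filesize == 0) {
        CloseHandle(hf);
        std::cout << "Failed to open P12 file." << std::endl;
        return 1;
    }

    // The vector owns the buffer; the original leaked a new[] allocation.
    std::vector<BYTE> data(filesize);
    DWORD cnt = 0;
    const BOOL readOk = ReadFile(hf, data.data(), filesize, &cnt, NULL);
    CloseHandle(hf);
    if (!readOk || cnt != filesize) {
        std::cout << "Failed to open P12 file." << std::endl;
        return 1;
    }

    // The blob carries the file CONTENT and its length, not the file name.
    CRYPT_DATA_BLOB cdb = { 0 };
    cdb.cbData = filesize;
    cdb.pbData = data.data();

    // NOTE(review): these flags persist the PFX private keys in the machine
    // key set and mark them exportable. If only the certificates are needed,
    // consider PKCS12_NO_PERSIST_KEY instead - confirm the intended behaviour.
    HCERTSTORE hCertStore = PFXImportCertStore(&cdb, pwszPassword, CRYPT_EXPORTABLE | CRYPT_MACHINE_KEYSET);
    if (hCertStore == NULL) {
        std::cout << "Failed to open P12 file." << std::endl;
        return 1;
    }

    // Reaching the end of the enumeration is the normal exit (the original
    // reported it as a failure and always returned 1).
    // CertFindCertificateInStore releases the previous context itself, so no
    // CertFreeCertificateContext call is needed after the loop.
    int certCount = 0;
    PCCERT_CONTEXT pCertContext = NULL;
    while ((pCertContext = CertFindCertificateInStore(hCertStore, X509_ASN_ENCODING, 0,
                                                      CERT_FIND_ANY, NULL, pCertContext)) != NULL) {
        ++certCount;

        // Explicit W variant: the buffer is WCHAR whether or not UNICODE is defined.
        const DWORD nameLen = CertGetNameStringW(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, NULL, 0);
        std::vector<WCHAR> subject(nameLen > 0 ? nameLen : 1, L'\0');
        CertGetNameStringW(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, subject.data(), nameLen);
        std::wcout << L"Certificate subject: " << subject.data() << std::endl;

        WCHAR cerfn[64];
        wsprintfW(cerfn, L"test_%d.cer", certCount);

        // CertSaveStore serialises the WHOLE store, so each file holds every
        // certificate of the PFX (end-entity and intermediates included) and
        // all of them end up in the root store. The file is written to the
        // current directory; run this only from a directory other users
        // cannot write to, since the file is trusted right after it is saved.
        if (CertSaveStore(hCertStore, 0, CERT_STORE_SAVE_AS_STORE, CERT_STORE_SAVE_TO_FILENAME_W, cerfn, 0)) {
            importRootCert(cerfn);
        }
    }

    CertCloseStore(hCertStore, 0);

    if (certCount == 0) {
        std::cout << "Failed to find the certificate." << std::endl;
        return 1;
    }
    return 0;
}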
