为什么netsh http从Powershell ps1文件中添加sslcert抛出错误？

Question

我尝试添加使用netsh的HTTP从一个PowerShell PS1文件内的sslcert，但它不断抛出的错误：

$guid = [guid]::NewGuid() 

netsh http add sslcert ipport=0.0.0.0:443 certhash=5758B8D8248AA8B4E91DAA46F069CC1C39ABA718 appid={$guid} 


'JABnAHUAaQBkAA' is not a valid argument for this command. 
The syntax supplied for this command is not valid. Check help for the correct syntax. 

    Usage: add sslcert [ipport=]<IP Address:port> 
     [certhash=]<string> 
     [appid=]<GUID> 
     [[certstorename=]<string> 
      [verifyclientcertrevocation=]enable|disable 
      [verifyrevocationwithcachedclientcertonly=]enable|disable 
      [usagecheck=]enable|disable 
      [revocationfreshnesstime=]<u-int> 
      [urlretrievaltimeout=]<u-int> 
      [sslctlidentifier=]<string> 
      [sslctlstorename=]<string> 
      [dsmapperusage=]enable|disable 
      [clientcertnegotiation=]enable|disable] 

参数：

Tag      Value 

    ipport     - IP address and port for the binding. 
    certhash    - The SHA hash of the certificate. This hash 
           is 20 bytes long and specified as a hex 
           string. 
    appid     - GUID to identify the owning application. 
    certstorename   - Store name for the certificate. Defaults 
           to MY. Certificate must be stored in the 
           local machine context. 
    verifyclientcertrevocation - Turns on/off verification of revocation 
           of client certificates. 
    verifyrevocationwithcachedclientcertonly - Turns on/off usage of 
               only cached client 
               certificate for revocation checking. 
    usagecheck    - Turns on/off usage check. Default is enabled. 
    revocationfreshnesstime - Time interval to check for an updated 
           certificate revocation list (CRL). If this 
           value is 0, then the new CRL is updated 
           only if the previous one expires. (in 
           seconds) 
    urlretrievaltimeout  - Timeout on attempt to retrieve certificate 
           revocation list for the remote URL. 
           (in milliseconds) 
    sslctlidentifier  - List the certificate issuers that can 
           be trusted. This list can be a subset of 
           the certificate issuers that are trusted 
           by the machine. 
    sslctlstorename   - Store name under LOCAL_MACHINE where 
           SslCtlIdentifier is stored. 
    dsmapperusage   - Turns on/off DS mappers. Default is 
           disabled. 
    clientcertnegotiation - Turns on/off negotiation of certificate. 
           Default is disabled. 

Remarks: adds a new SSL server certificate binding and corresponding client 
     certificate policies for an IP address and port. 

Examples: 

    add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899 
-AABBCCDDEEFF} 

我可能是错的，但我相信它有一些事情要做，我怎么去指定我的PowerShell脚本文件中的appid GUID。有人能帮我解决错误吗？

Answer 1

这是Powershell解析cmd命令的一个问题。 这将成功地执行命令：

$guid = [guid]::NewGuid() 
$Command = "http add sslcert ipport=0.0.0.0:443 certhash=5758B8D8248AA8B4E91DAA46F069CC1C39ABA718 appid={$guid}" 
$Command | netsh 

Answer 2

下面的代码将工作，&这是用于带参数调用程序，"appid={$guid}"让它通过字符串值。

& netsh http add sslcert ipport=0.0.0.0:443 certhash=5758B8D8248AA8B4E91DAA46F069CC1C39ABA718 "appid={$guid}" 

Answer 3

错误的原因是花括号必须用反向符号（`）转义。

以下命令将在PowerShell的命令行工作：

这将从PowerShell的commadline工作：

$AppId = [Guid]::NewGuid().Guid 
$Hash = "209966E2BEDA57E3DB74FD4B1E7266F43EB7B56D" 

netsh http add sslcert ipport=0.0.0.0:8000 certhash=$Hash appid=`{$Guid`} 

重要的细节是逃避每个{}用反引号（'）。

如果netsh的引发错误87试着在后面加上certstorename我

没有必要使用变量。它只是为了方便。