有没有一个命令行工具来提取证书指纹？

老了，但也许这会帮助别人。 将以下内容放在PowerShell脚本（.ps1）中并运行它。 它会将拇指打印到屏幕上。 看我贴上的单词包装。

$computerName = $Env:Computername $domainName = $Env:UserDnsDomain write-host "CN=$computername.$domainname" $getThumb = Get-ChildItem -path cert:\LocalMachine\My | where { $_.Subject -match "CN\=$Computername\.$DomainName" } $getThumb.thumbprint 

直接从文件.cer获取指纹

 const certpath = "\\host\res\something.cer" dim objStdOut dim strLine, resString set objStdOut = CreateObject("WScript.Shell").Exec("certutil " & certpath).StdOut while not objStdOut.AtEndOfStream strLine = objStdOut.ReadLine if InStr(strLine, "(sha1)") > 0 then resString = trim(split(strLine, ":")(1)) wend wscript.echo resString 

直接从未安装.cer文件的命令行中删除嵌入的空格（可能可以改进）：

 certutil.exe <mycert>.cer | findstr /c:"Cert Hash(sha1)" | for /f "tokens=3-22" %f in ('more') do @echo %f%g%h%i%j%k%l%m%n%o%p%q%r%s%t%u%v%w%x%y 

在我的情况下，我不能使用PowerShell，所以我写了这个脚本来运行与cscript.exe，这将让你拇指使用正则表达式。

 If WScript.Arguments.Count() = 0 Then WScript.Echo "Domain name to search for must be specified as first parameter." WScript.Quit 1 End If domain = WScript.Arguments.Item(0) Set objShell = WScript.CreateObject ("WScript.shell") ' Get all certificate information in store. Set objCert = objShell.Exec("certutil -store my") certOutput = "" Do While objCert.Status = 0 WScript.Sleep 10 Do While Not objCert.StdOut.AtEndOfStream certOutput = certOutput & objCert.StdOut.ReadLine & vbNewLine Loop Loop ' Capture thumb for specified certificate using Regex. Set thumbRegex = New RegExp thumbRegex.Pattern = "Subject:\s+CN=" & domain & "\s*\n.*\n.*\nCert\sHash\(sha1\):\s+(.*)" thumbRegex.IgnoreCase = True thumbRegex.Global = False ' Verify match and trim out white space. Set match = thumbRegex.Execute(certOutput) result = "" If match.Count > 0 Then result = match.Item(0).Submatches(0) result = Replace(result, " ", "") WScript.Echo result Else WScript.Echo "The certificate for """ & domain & """ was not found." WScript.Quit 2 End If