我在签署证书方面遇到了一些问题。我正在使用.net bouncycastle api。我用open-ssl生成了一个root-ca,我想用它来签署更多的证书。 我的问题是,我无法验证我生成的证书,因为open-ssl无法读取文件。进一步调查显示,我的档案中遗漏了“BEGIN CERTIFICATE”以及“END CERTIFICATE”标签。
Open-SSL错误: 3900:错误:0906D06C:PEM例程:PEM_read_bio:无起始行:。\ crypto \ pem \ pem_lib.c:650:期待:TRUSTED CERTIFICATE
以下代码显示了我如何完成生成过程。
X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
generator.SetSerialNumber(BigInteger.ProbablePrime(120, new Random()));
generator.SetIssuerDN(serverCertificate.SubjectDN);
generator.SetNotBefore(DateTime.Now);
generator.SetNotAfter(DateTime.Now.AddYears(5));
generator.SetSubjectDN(certificationRequestInfo.Subject);
generator.SetPublicKey(publicKey);
generator.SetSignatureAlgorithm("SHA512withRSA");
generator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(serverCertificate));
generator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(publicKey));
var newClientCert = generator.Generate(kP.Private);
newClientCert.Verify(kP.Public);
byte[] b = DotNetUtilities.ToX509Certificate(newClientCert).Export(X509ContentType.Cert);
我会非常感谢任何提示或想法.. 亲切的问候
迈克尔
答案 0 :(得分:3)
BouncyCastle C#在Org.BouncyCastle.OpenSsl命名空间中支持直接以PEM格式编写证书:
Org.BouncyCastle.X509.X509Certificate cert = ...;
using (FileStream fs = ...)
{
TextWriter w = new StreamWriter(fs);
PemWriter pw = new PemWriter(w);
pw.WriteObject(cert);
pw.Writer.Close();
}