How do I create a brand new X509Certificate2 in .NET?

Time: 2010-02-23 00:07:23

Tags: .net x509certificate2

I searched the web and found many samples that build a new X509Certificate2 from a file in .NET, but none of them shows how to generate a brand new X509Certificate2 from scratch in .NET.

Can anyone tell me how to do this in .NET?

Thanks a lot.

6 answers:

Answer 0 (score: 16)

Here is code you can use:

    using System;
    using System.Security.Cryptography.X509Certificates;
    using Org.BouncyCastle.Asn1.X509;
    using Org.BouncyCastle.Crypto;
    using Org.BouncyCastle.Crypto.Generators;
    using Org.BouncyCastle.Crypto.Prng;
    using Org.BouncyCastle.Math;
    using Org.BouncyCastle.Security;
    using Org.BouncyCastle.X509;

    static X509Certificate2 GenerateCertificate(string certName)
    {
        // RSA key pair from a CSPRNG-backed SecureRandom (1024-bit RSA is below today's 2048-bit minimum)
        var keypairgen = new RsaKeyPairGenerator();
        keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));

        var keypair = keypairgen.GenerateKeyPair();

        var gen = new X509V3CertificateGenerator();

        // Self-signed: the same name is used as subject and issuer
        var CN = new X509Name("CN=" + certName);
        var SN = BigInteger.ProbablePrime(120, new Random());

        gen.SetSerialNumber(SN);
        gen.SetSubjectDN(CN);
        gen.SetIssuerDN(CN);
        gen.SetNotAfter(DateTime.MaxValue);
        gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
        // MD5 signatures are rejected by modern validators; "SHA256WithRSA" is the usual choice now
        gen.SetSignatureAlgorithm("MD5WithRSA");
        gen.SetPublicKey(keypair.Public);

        // Sign with the private key. This overload is from older BouncyCastle releases; current ones
        // take an ISignatureFactory, e.g. new Asn1SignatureFactory("SHA256WithRSA", keypair.Private)
        var newCert = gen.Generate(keypair.Private);

        // Convert the BouncyCastle certificate to a .NET X509Certificate2 (public part only; the private key is not attached)
        return new X509Certificate2(DotNetUtilities.ToX509Certificate((Org.BouncyCastle.X509.X509Certificate)newCert));
    }

To make it work, don't forget to add a reference to the BouncyCastle library.

Answer 1 (score: 3)

You can use P/Invoke to call Crypt32 to create a self-signed certificate. There is some sample code available that generates one and puts it in the certificate store.

There is also Keith Brown's certificate generator, which is written in managed code and is a library you can use.

Alternatively, you can use BouncyCastle with Org.BouncyCastle.X509.X509V3CertificateGenerator, and use the utility methods in Org.BouncyCastle.Security.DotNetUtilities and call ToX509Certificate().

If you want to create a request and have it signed, that is actually easier in .NET, since most of the classes can be imported as COM interop DLLs. But that's another question.

Answer 2 (score: 0)

I don't think you can do that with that API. But you can create one with Bouncy Castle (http://www.bouncycastle.org) and then convert that object into an X509Certificate2 object (BC has some utility classes for doing this).

Look at these BC classes: X509V3CertificateGenerator and X509Certificate

The BC utility class for later converting the BC X509Certificate object into a regular X509Certificate2 object is: DotNetUtilities

Answer 3 (score: 0)

OpenSSL for creating an x509 certificate

1. Download Win64 OpenSSL (the Win64 OpenSSL v1.1.0j 37 MB installer) from the link below. URL: https://slproweb.com/products/Win32OpenSSL.html

2. After installing, set the system PATH environment variable (Path = C:\OpenSSL-Win64\bin).

3. Open a command prompt and change directory to the Desktop.

4. Command to create the keys. Private key:

        openssl req -x509 -days 365 -newkey rsa:2048 -keyout cert-key.pem -out cert.pem

   Enter the command and follow the prompts.

5. We now have 2 files on the Desktop called cert-key.pem and cert.pem. To create a .pfx file, run the following command and follow the prompts (enter the same password):

        openssl pkcs12 -export -in cert.pem -inkey cert-key.pem -out x509-cert.pfx

6. Command to create the public key (follow the prompts):

        openssl pkcs12 -in x509-cert.pfx -clcerts -nokeys -out x509-cert-public.pem

7. Register the certificate in mmc.

Answer 4 (score: 0)

Check out CertificateRequest (namespace: System.Security.Cryptography.X509Certificates)...

    using System;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;

    public static X509Certificate2 GenerateSelfSignedCertificate()
    {
        string secp256r1Oid = "1.2.840.10045.3.1.7";  // OID for prime256v1(7); other identifier: secp256r1

        string subjectName = "Self-Signed-Cert-Example";

        var ecdsa = ECDsa.Create(ECCurve.CreateFromValue(secp256r1Oid));

        var certRequest = new CertificateRequest($"CN={subjectName}", ecdsa, HashAlgorithmName.SHA256);

        // add extensions to the request (just as an example)
        // add keyUsage
        certRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));

        X509Certificate2 generatedCert = certRequest.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddYears(10)); // generate the cert and sign!

        X509Certificate2 pfxGeneratedCert = new X509Certificate2(generatedCert.Export(X509ContentType.Pfx)); // has to be turned into pfx or Windows at least throws a "security credentials not found" during sslStream.connectAsClient or HttpClient request...

        return pfxGeneratedCert;
    }
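
Answer 1 mentions creating a request and having it signed, and Answer 4 shows the CertificateRequest API. The following is an added example, not code from any of the answers, that does both in one place: a self-signed CA created with CertificateRequest issues a leaf certificate from a second request, and the leaf is then chain-validated against that CA alone. The class name, method name and name arguments are assumptions, and it targets .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not code from the answers above): a self-signed CA signs a CertificateRequest
// for a leaf, then the leaf is chain-validated against that CA alone. All names are demo assumptions.
public static class CaIssuedExample
{
    public static bool IssueAndValidate(string caName, string leafDnsName)
    {
        using RSA caKey = RSA.Create(3072);
        using ECDsa leafKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        // CA: CA:TRUE, path length 0 (signs end-entity certs only), cert-signing key usage.
        var caReq = new CertificateRequest($"CN={caName}", caKey, HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1);
        caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, true, 0, true));
        caReq.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        caReq.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(caReq.PublicKey, false));
        using X509Certificate2 caCert = caReq.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(5));

        // Leaf: CA:FALSE, signature-only key usage, serverAuth EKU and a SAN
        // (TLS clients match the host name against the SAN, not the CN).
        var leafReq = new CertificateRequest($"CN={leafDnsName}", leafKey, HashAlgorithmName.SHA256);
        leafReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        leafReq.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
        leafReq.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false)); // id-kp-serverAuth
        var san = new SubjectAlternativeNameBuilder();
        san.AddDnsName(leafDnsName);
        leafReq.CertificateExtensions.Add(san.Build());

        // A CA must never reuse a serial; 128 random bits also make serial collisions impractical.
        byte[] serial = RandomNumberGenerator.GetBytes(16);
        serial[0] &= 0x7F; // keep the DER INTEGER positive
        using X509Certificate2 leaf = leafReq.Create(caCert,
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(90), serial);
        // Create() returns the public certificate only; attach the leaf key before exporting to PFX
        // or handing the certificate to SslStream.
        using X509Certificate2 leafWithKey = leaf.CopyWithPrivateKey(leafKey);
        // Validate against this CA only: no system roots, and no revocation check since no CRL exists.
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(caCert);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        return chain.Build(leafWithKey);
    }
}
```

Calling `CaIssuedExample.IssueAndValidate("Demo CA", "localhost")` returns true when the issued leaf chains to the demo CA; swapping in a different CA certificate in CustomTrustStore makes Build() return false with an UntrustedRoot status.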

Answer 5 (score: -1)

    using System;
    using System.Security.Cryptography.X509Certificates;

    public X509Certificate2 GetCertificate()
    {
        // InitConfiguration() is not shown in the answer; it is assumed to return an IConfiguration
        // whose indexer yields the values stored under these keys
        var config = InitConfiguration();
        var certificateSubject = config["X509Subject"];             // read but not used below
        var certificateStoreName = config["X509StoreName"];         // e.g. "My"
        var certificateStoreLocation = config["X509StoreLocation"]; // e.g. "CurrentUser"
        var thumbPrint = config["ThumbPrint"];

        var storeName = (StoreName)Enum.Parse(typeof(StoreName), certificateStoreName, true);
        var storeLocation = (StoreLocation)Enum.Parse(typeof(StoreLocation), certificateStoreLocation, true);

        // using disposes (closes) the store on every return path, including the early return below
        using (var certificateStore = new X509Store(storeName, storeLocation))
        {
            certificateStore.Open(OpenFlags.ReadOnly);

            foreach (var storeCertificate in certificateStore.Certificates)
            {
                // Thumbprints are hex strings; compare case-insensitively without culture rules
                if (string.Equals(storeCertificate.Thumbprint, thumbPrint, StringComparison.OrdinalIgnoreCase))
                {
                    return storeCertificate;
                }
            }
        }
        return null;
    }