在x509certificate2中清空PrivateKey

时间:2015-07-07 16:21:22

标签: c# ssl private-key x509certificate2

我已使用私钥在本地计算机商店(win7)上安装了证书。 在c#代码中我这样做:

        X509Certificate2 cert = null;
        var store = new X509Store(storeName, storeLocation);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var result = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            ServicePointManager.Expect100Continue = true;
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
            cert = result.Count > 0 
                ? result[0] 
                : null;
        }
        finally
        {
            store.Close();
        }
        return cert;

cert 变量中,我有我的证书但是它有问题:HasPrivateKey为true但是PrivateKey没有任何对象。如果我使用我的Web应用程序的C#代码中的REST请求发送它,我有错误:

AcquireCredentialsHandle() failed with error 0X8009030D.
The request was aborted: Could not create SSL/TLS secure channel.

商店内的证书授予所有权利。请帮忙,出了什么问题?

Certutil导致俄语(我隐藏安全信息" ***"):

certutil -store my "cf 35 63 34 14 30 a0 32 ca 4a 58 b9 7a 7a ab 18 a4 47 7d a4"
================ Сертификат 0 ================
Серийный номер: 100030
Поставщик: ******************************
 NotBefore: 07.07.2015 5:00
 NotAfter: 24.12.2023 4:59
Субъект: ********************************
Не корневой сертификат
Шаблон:
Хеш сертификата(sha1): cf 35 63 34 14 30 a0 32 ca 4a 58 b9 7a 7a ab 18 a4 47 7d a4
  Контейнер ключа = 94c3b04b44d51674a1b7de89c10bd7d7_09614f03-cc81-44e6-a978-81773242876c
  Простое имя контейнера: CertReq-ceda22d5-2893-496a-b8c1-5c9ceaed82f1
  Поставщик = Microsoft Strong Cryptographic Provider
Тест шифрования пройден

1 个答案:

答案 0 :(得分:0)

我发现了这个问题。我从机器商店删除了证书,然后将安装的证书从当前用户商店导出到.pfx文件,并将其导入机器商店。现在PrivateKey有了对象。 接下来,我将协议类型从Tls更改为Tls12(适用于Win7 +):

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
相关问题
最新问题