是否可以从CertificateAuthority商店检索CA证书

时间:2016-01-18 07:51:45

标签: c# x509certificate

我正在使用.NET API处理X509证书,并想知道是否可以从CertificateAuthority Store检索CA证书。我尝试了大量的排列,最有意义的(但也失败了)是:

var store = new X509Store(StoreName.CertificateAuthority, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var count = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, "CN=SecureTrust CA", false).Count;
store.Close();

返回0的计数。

1 个答案:

答案 0 :(得分:1)

如评论中所示,您需要使用Root而不是CertificateAuthority。此外,如果您使用FindBySubjectDistinguishedName,则必须使用完整的DN。

这有效:

var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var count = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, 
      "CN=SecureTrust CA, O=SecureTrust Corporation, C=US", false).Count;
store.Close();

或使用不太严格的FindBySubjectName

var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var count = store.Certificates.Find(X509FindType.FindBySubjectName, 
                                    "SecureTrust CA", false).Count;
store.Close();
相关问题
最新问题