我正在尝试创建SSL证书,这样做我看到了一个浏览器警告:Issuer_Unknown。
为了测试,我制作了makecert特别为该域签名的证书,authorityKeyIdentifier(oid = 2.5.29.1)扩展名与我BouncyCastle生成的扩展名不同,是吗?
我的代码:
//Loading keyPair from PEM file.
AsymmetricCipherKeyPair LocalCertificate;
var fs = new FileStream(myCertPath, FileMode.Open);
StreamReader sr = new StreamReader(fs);
PemReader pr = new PemReader(sr, new PemPassword());
LocalCertificate = (AsymmetricCipherKeyPair) pr.ReadObject();
//extend certificate
var subjectKeyID = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(LocalCertificate.Public);
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));