How do I set the X509 SubjectAltName (SAN) using Mono.Security?

Time: 2017-05-02 17:57:23

Tags: c# google-chrome ssl mono

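Chrome 58 deprecated self-signed certificates that omit the Subject Alternative Name (SAN). I use Mono.Security.X509 X509CertificateBuilder() to create a certificate on 'localhost' for a Windows OWIN service, which lets the browser communicate with a TWAIN scanner. The certificate currently sets only the Common Name, so it is not sufficient for Chrome 58.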

What is the correct way to create a self-signed certificate, using Mono.Security.X509, that lets Chrome communicate with an OWIN service on localhost?

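    // Namespaces used by this fragment:
    // using System.Collections;            // Hashtable
    // using System.Security.Cryptography;  // RSA, RSACryptoServiceProvider
    // using Mono.Security.X509;            // X509CertificateBuilder, X509Certificate, PKCS12

    // 2048-bit RSA key pair; the certificate is self-signed with it below
    RSA subjectKey = new RSACryptoServiceProvider(2048);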

    X509CertificateBuilder cb = new X509CertificateBuilder(3);
    cb.SerialNumber = GenerateSerialNumber();
    cb.IssuerName = "CN=localhost";
    cb.NotBefore = notBefore;
    cb.NotAfter = notAfter;
    cb.SubjectName = "CN=localhost";
    cb.SubjectPublicKey = subjectKey;
    cb.Hash = "SHA256";

    byte[] rawcert = cb.Sign(subjectKey);
    PKCS12 p12 = new PKCS12();
    p12.Password = password;

    Hashtable attributes = GetAttributes();
    p12.AddCertificate(new X509Certificate(rawcert), attributes);
    p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);

    return p12.GetBytes();

1 answer:

Answer 0 (score: 0)

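    // requires: using Mono.Security.X509.Extensions;
    // The second array holds the DNS names; the other arrays are left empty.
    var san = new SubjectAltNameExtension(new string[0], new string[1] { "localhost" }, new string[0], new string[0]);
    cb.Extensions.Add(san);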

I tested this in Jexus Manager,

https://github.com/jexuswebserver/JexusManager/blob/master/JexusManager.Features.Certificates/SelfCertificateDialog.cs
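
A way to confirm that the generated certificate really carries the SAN entry Chrome expects, as an added example that is not part of the original answer or of Jexus Manager. It uses only the .NET base class library; the names `SanCheck`, `ParseDnsNames` and `HasDnsName` are hypothetical, and the byte array in `Main` is a constructed sample.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SanCheck
{
    // Extracts dNSName entries from a DER-encoded GeneralNames value (subjectAltName content).
    public static List<string> ParseDnsNames(byte[] der)
    {
        var names = new List<string>();
        int pos = 0;
        if (der.Length < 2 || der[pos++] != 0x30) throw new FormatException("SAN value is not a SEQUENCE");
        int seqLen = ReadLength(der, ref pos);
        int end = pos + seqLen;
        if (end > der.Length) throw new FormatException("truncated SAN value");
        while (pos < end)
        {
            byte tag = der[pos++];
            int len = ReadLength(der, ref pos);
            if (pos + len > end) throw new FormatException("truncated GeneralName");
            // Context tag [2] is dNSName (IA5String); other GeneralName kinds are skipped.
            if (tag == 0x82) names.Add(Encoding.ASCII.GetString(der, pos, len));
            pos += len;
        }
        return names;
    }

    static int ReadLength(byte[] der, ref int pos)
    {
        if (pos >= der.Length) throw new FormatException("truncated length");
        int first = der[pos++];
        if (first < 0x80) return first;          // short form
        int count = first & 0x7F, value = 0;     // long form: the next 'count' bytes
        if (count == 0 || count > 2 || pos + count > der.Length) throw new FormatException("unsupported DER length");
        while (count-- > 0) value = (value << 8) | der[pos++];
        return value;
    }

    public static bool HasDnsName(X509Certificate2 cert, string host)
    {
        X509Extension ext = cert.Extensions["2.5.29.17"];   // OID of subjectAltName
        return ext != null && ParseDnsNames(ext.RawData)
            .Exists(n => string.Equals(n, host, StringComparison.OrdinalIgnoreCase));
    }

    static void Main()
    {
        // Constructed sample: SEQUENCE { [2] "localhost" }
        byte[] sample = { 0x30, 0x0B, 0x82, 0x09, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x68, 0x6F, 0x73, 0x74 };
        Console.WriteLine(string.Join(",", ParseDnsNames(sample)));
    }
}
```

To check the output of the question's code, load the PKCS#12 bytes with `new X509Certificate2(bytes, password)` and pass the result to `HasDnsName(cert, "localhost")`.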