Chrome 58弃用了省略主题备用名称(SAN)的自签名证书。我使用Mono.Security.X509 X509CertificateBuilder()在' localhost'上为Windows OWIN服务创建证书。使浏览器能够与TWAIN扫描仪通信。该证书目前仅设置公共名称,因此对于Chrome 58来说不够。
创建自签名证书的正确方法是什么,该证书使Chrome能够使用Mono.Security.X509与localhost上的OWIN服务进行通信?
RSA subjectKey = new RSACryptoServiceProvider(2048);
X509CertificateBuilder cb = new X509CertificateBuilder(3);
cb.SerialNumber = GenerateSerialNumber();
cb.IssuerName = "CN=localhost";
cb.NotBefore = notBefore;
cb.NotAfter = notAfter;
cb.SubjectName = "CN=localhost";
cb.SubjectPublicKey = subjectKey;
cb.Hash = "SHA256";
byte[] rawcert = cb.Sign(subjectKey);
PKCS12 p12 = new PKCS12();
p12.Password = password;
Hashtable attributes = GetAttributes();
p12.AddCertificate(new X509Certificate(rawcert), attributes);
p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);
return p12.GetBytes();
答案 0 :(得分:0)
var san = new SubjectAltNameExtension(new string[0], new string[1] { "localhost" }, new string[0], new string[0]);
cb.Extensions.Add(san);
我在Jexus Manager中测试了这个,