Creating a certificate in Azure Key Vault signed by a self-signed certificate stored in Key Vault

Time: 2019-10-03 23:24:50

Tags: c# azure x509certificate azure-keyvault x509certificate2

I created a self-signed certificate in Azure Key Vault using the following method:

    using System;
    using Microsoft.Azure.KeyVault;          // KeyVaultClient (this.client)
    using Microsoft.Azure.KeyVault.Models;   // CertificatePolicy and friends

    // this.client, keyVaultUrl and testRootName are fields of the enclosing class.
    public void CreateRootCertificate()
    {
        var certPolicy = new CertificatePolicy();
        certPolicy.Attributes = new CertificateAttributes();
        certPolicy.Attributes.NotBefore = DateTime.Now;
        certPolicy.Attributes.Expires = DateTime.Now.AddDays(1);
        certPolicy.IssuerParameters = new IssuerParameters()
        {
            Name = "Self",   // self-signed
        };
        certPolicy.KeyProperties = new KeyProperties(true);   // exportable
        certPolicy.SecretProperties = new SecretProperties();
        certPolicy.X509CertificateProperties = new X509CertificateProperties()
        {
            Subject = "CN=testyMcTesterson",
        };
        var operation = this.client.CreateCertificateAsync(keyVaultUrl, testRootName, certPolicy);
        operation.Wait();
    }

Now, after creating the self-signed certificate, I want to use it to sign other certificates. The only caveat is that I want to do this without having to pull the private key out of the key vault. Is this possible? I have tried several permutations of the following method.

    // Attempt to have the vault certificate above act as the issuer.
    public void CreateSignedCertificate()
    {
        var certPolicy = new CertificatePolicy();
        certPolicy.Attributes = new CertificateAttributes();
        certPolicy.Attributes.NotBefore = DateTime.Now;
        certPolicy.Attributes.Expires = DateTime.Now.AddDays(1);
        certPolicy.IssuerParameters = new IssuerParameters()
        {
            Name = "CN=testyMcTesterson"   // rejected with HTTP 400
        };
        certPolicy.KeyProperties = new KeyProperties(true);
        certPolicy.SecretProperties = new SecretProperties();
        certPolicy.X509CertificateProperties = new X509CertificateProperties()
        {
            Subject = "CN=testyJunior",
        };
        var operation = this.client.CreateCertificateAsync(keyVaultUrl, "testyJunior", certPolicy);
        operation.Wait();
    }

This includes setting the issuer to "testyMcTesterson" without the CN=, setting it to the key vault certificate identifier, and setting it to the key vault key. I want to set this up so that only the signed certificate's .cer file ever leaves the key vault. All of these throw a 400 exception saying the IssuerParameters.Name property is invalid. I realize I am most likely missing some EKUs on both the root and the client, but the problem I am trying to solve right now is determining whether this scenario is even possible. Documentation for the IssuerParameters class is lacking.
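Added example (not code from the question or from the Azure SDK): Key Vault's IssuerParameters.Name names a certificate issuer provider ("Self", "Unknown" or a CA issuer configured on the vault), not another vault certificate, so a way to keep the CA private key inside the vault is to build the child certificate client-side with CertificateRequest and hand only the TBSCertificate digest to the vault's sign operation through a custom X509SignatureGenerator. It assumes the Microsoft.Azure.KeyVault SDK used in the question, an RSA CA key, a caller holding certificates/get and keys/sign permissions, and a leaf key generated locally; the CA public key is read from the stored .cer.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;
using Microsoft.Azure.KeyVault.WebKey;

// Delegates the CA signature to Key Vault's sign operation; only the digest leaves the process.
public sealed class KeyVaultRsaSignatureGenerator : X509SignatureGenerator
{
    private readonly IKeyVaultClient client;
    private readonly string caKeyId;                 // https://<vault>.vault.azure.net/keys/<name>/<version>
    private readonly X509SignatureGenerator encoder; // public-key-only helper for the ASN.1 encodings

    public KeyVaultRsaSignatureGenerator(IKeyVaultClient client, string caKeyId, RSA caPublicKey)
    {
        this.client = client; this.caKeyId = caKeyId;
        encoder = X509SignatureGenerator.CreateForRSA(caPublicKey, RSASignaturePadding.Pkcs1);
    }

    protected override PublicKey BuildPublicKey() => encoder.PublicKey;

    public override byte[] GetSignatureAlgorithmIdentifier(HashAlgorithmName h) => encoder.GetSignatureAlgorithmIdentifier(h);

    public override byte[] SignData(byte[] data, HashAlgorithmName hashAlgorithm)
    {
        if (hashAlgorithm != HashAlgorithmName.SHA256)
            throw new NotSupportedException("Only RS256 is mapped here; add RS384/RS512 if required.");
        byte[] digest;
        using (var sha256 = SHA256.Create()) digest = sha256.ComputeHash(data);
        // Server-side RSA PKCS#1 v1.5 signature; the caller needs the keys/sign permission (assumption).
        KeyOperationResult result = client.SignAsync(caKeyId, JsonWebKeySignatureAlgorithm.RS256, digest)
                                          .GetAwaiter().GetResult();
        return result.Result;
    }
}

public static class VaultIssuer
{
    // Issues a one-day leaf certificate for a locally generated key, signed by the vault-held CA key.
    public static X509Certificate2 IssueLeaf(IKeyVaultClient client, string vaultUrl, string caCertName,
                                             string leafSubject, RSA leafKey)
    {
        CertificateBundle ca = client.GetCertificateAsync(vaultUrl, caCertName).GetAwaiter().GetResult();
        var caCert = new X509Certificate2(ca.Cer);   // public part only, as stored in the vault
        var signer = new KeyVaultRsaSignatureGenerator(client, ca.KeyIdentifier.Identifier, caCert.GetRSAPublicKey());
        var request = new CertificateRequest(leafSubject, leafKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        request.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true)); // not a CA
        var serial = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(serial);
        return request.Create(caCert.SubjectName, signer, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1), serial);
    }
}
```

The returned leaf can be verified against the CA's .cer with a normal chain build; if the vault key was created without the sign key operation, SignAsync fails with 403 and the leaf is never produced.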

0 answers:

No answers