我想务实地使用我们的CA模板为我们的每个用户创建新证书(签署数字化会计凭证)。 手动,我设法做到了
我还设法通过非常错误的方法来创建一个简单的请求
string certificatePath = Server.MapPath("~/Files/comp-crt-ca.crt");
string privateKeyPath = Server.MapPath("~/Files/comp-pem-ca.key");
string certificateText = System.IO.File.ReadAllText(certificatePath);
string privateKeyText = System.IO.File.ReadAllText(privateKeyPath);
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificatePath);
pass = "111111";
X509Certificate certBaseForm = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate);
var newStore = new Pkcs12Store();
var certEntry = new X509CertificateEntry(certBaseForm);
newStore.SetCertificateEntry(signatureAliasTemplate, certEntry);
newStore.SetKeyEntry(signatureAliasTemplate, new AsymmetricKeyEntry(kp.Private), new[] { certEntry });
using (var certFile = System.IO.File.Create(pathPfx))
{
newStore.Save(certFile, pass.ToCharArray(), new SecureRandom(new CryptoApiRandomGenerator()));
}
System.Security.Cryptography.X509Certificates.X509Certificate2 newCert = new System.Security.Cryptography.X509Certificates.X509Certificate2(pathPfx);
using (System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(
System.Security.Cryptography.X509Certificates.StoreName.CertificateAuthority,
System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine))
{
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite);
store.Add(newCert); //where cert is an X509Certificate object
}
显然,由于.pem位于我的根目录上,因此这是一个非常糟糕的做法,但我这样做只是为了查看是否要创建证书-而且确实是,但要在根目录授权而不是模板上。 / p>
我添加了一个截图来演示,最后一行是由我的代码创建的,其中的行带有“ signserver-newdoc_4”。其余的-手动创建的,这是我试图实现的目标
有人能指出我的方向吗?在过去的两周里,我浏览了无数篇文章。.如果我知道正确的库,那么简单的事情对我来说似乎没什么。