我正在使用以下代碼生成 X509 證書以使用 .NET 在 Azure 中授權應用程式:
private static X509Certificate2 BuildSelfSignedCertificate(string CertificateName, int DaysValid)
{
SubjectAlternativeNameBuilder sanBuilder = new SubjectAlternativeNameBuilder();
sanBuilder.AddIpAddress(IPAddress.Loopback);
sanBuilder.AddIpAddress(IPAddress.IPv6Loopback);
sanBuilder.AddDnsName("localhost");
sanBuilder.AddDnsName(Environment.MachineName);
X500DistinguishedName distinguishedName = new X500DistinguishedName($"CN={CertificateName}");
using RSA rsa = RSA.Create(2048);
var request = new CertificateRequest(distinguishedName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(
new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, false));
request.CertificateExtensions.Add(
new X509EnhancedKeyUsageExtension(
new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));
request.CertificateExtensions.Add(sanBuilder.Build());
var certificate = request.CreateSelfSigned(new DateTimeOffset(DateTime.UtcNow.AddDays(-1)), new DateTimeOffset(DateTime.UtcNow.AddDays(DaysValid)));
#pragma warning disable CA1416 // Validate platform compatibility
certificate.FriendlyName = CertificateName;
#pragma warning restore CA1416 // Validate platform compatibility
return certificate;
}
這很好用,但是當我使用以下方法匯入證書時,不包括私鑰:
X509Store store = new(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
但是,如果我將證書匯出到位元組陣列并X509Certificate2從陣列中創建一個新物件,則私鑰會正確匯入。
var cert = new X509Certificate2(certificate.Export(X509ContentType.Pkcs12, "password"), "password", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

請注意“您有一個與此證書對應的私鑰”訊息。
如何在不采用這種尷尬的解決方法的情況下匯入證書 私鑰?
uj5u.com熱心網友回復:
如何在不采用這種尷尬的解決方法的情況下匯入證書 私鑰?
首先將密鑰創建為持久密鑰。
using RSA rsa = RSA.Create(2048);
此行創建一個臨時(僅在記憶體中)私鑰。相反,你可以做
CngKeyCreationParameters keyParams = new CngKeyCreationParameters
{
ExportPolicy = CngExportPolicies.AllowPlaintextExport,
KeyCreationOptions = CngKeyCreationOptions.MachineKey,
Parameters =
{
new CngProperty("Length", BitConverter.GetBytes(2048), CngPropertyOptions.Persist),
},
};
using CngKey cngKey = CngKey.Create(CngAlgorithm.Rsa, Guid.NewGuid().ToString("D"), keyParams);
using RSA rsa = new RSACng(cngKey);
現在創建的證書與一個已經持久化的密鑰相關聯。
(請注意,此代碼段使用 MachineKey 和可匯出,因為這就是問題作為 PFX 匯入標志的內容)
轉載請註明出處,本文鏈接:https://www.uj5u.com/shujuku/453928.html
