Simple C# SSL server: The credentials supplied to the package were not recognized


I'm having a hard time understanding why my simple C# SSL server code fails. When I try to "authenticate as server" using a .p12 file loaded from the file system, I get an error.

Here is my code:

using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

IPEndPoint localEndPoint = new IPEndPoint(IPAddress.Any, 2045);

Socket server = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
server.Bind(localEndPoint);

while (true)
{
    server.Listen(10);
    Socket client = server.Accept();

    // Wrap the accepted socket; SslStream takes ownership of the inner stream (leaveInnerStreamOpen = false)
    Stream clientStream = new NetworkStream(client, true);
    var clientTlsStream = new SslStream(clientStream, false);

    // Server certificate plus private key, loaded from a PKCS#12 file on disk
    var p12Cert =
        new X509Certificate2(
            @"C:\Repos\ITEL-Trunk\Code\Applications\Server\bin\Debug\Configuration\Certificate_tool_signed_with_ca.p12",
            "Passw0rd");

    clientTlsStream.AuthenticateAsServer(p12Cert); // this call throws the exception below

    var cr = clientTlsStream.CanRead;
}

Here are the exception details:

System.ComponentModel.Win32Exception was unhandled
  HResult=-2147467259
  Message=The credentials supplied to the package were not recognized
  Source=System
  ErrorCode=-2147467259
  NativeErrorCode=-2146893043

The X509Certificate2 object reports "Has Private Key=true", and I have tried running as administrator with no luck. Other questions I have seen revolve around CAPI permissions, but since I load the file directly from the file system I can't apply those answers.

I was able to trace this problem back to the way the p12 file was generated. The .p12 was created by a Bouncy Castle based C# utility that did not package the certificate and private key correctly. I had to change the certificate generator so that it correctly bundles the certificate together with the CA certificate used to sign it.

After I made the change to the certificate generator, the "credentials supplied to the package were not recognized" exception went away.

Here is the P12 packaging code that appears to work:

using System.IO;
using System.Linq;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

// Inputs from the surrounding generator: the freshly issued X509Certificate `cert`,
// its AsymmetricCipherKeyPair `kp`, the optional issuing CA `_issuerCert`,
// the output path `pathToP12File` and the store `password`.

// Create the PKCS12 store
Pkcs12Store store = new Pkcs12Store();

// Add a Certificate entry
string certCn = cert.SubjectDN.GetValues(X509Name.CN).OfType<string>().Single();
X509CertificateEntry certEntry = new X509CertificateEntry(cert);
store.SetCertificateEntry(certCn, certEntry); // use the CN as the alias

// Add a key entry & cert chain (if applicable)
AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(kp.Private);

X509CertificateEntry[] certChain;
if (_issuerCert != null)
{
    X509CertificateEntry issuerCertEntry = new X509CertificateEntry(_issuerCert);
    certChain = new X509CertificateEntry[] { certEntry, issuerCertEntry };
}
else
{
    certChain = new X509CertificateEntry[] { certEntry };
}

// Bind the private key to the leaf certificate and its chain under the same alias
store.SetKeyEntry(certCn, keyEntry, certChain);

// Write the p12 file to disk
FileInfo p12File = new FileInfo(pathToP12File);
Directory.CreateDirectory(p12File.DirectoryName);

using (FileStream filestream = new FileStream(pathToP12File, FileMode.Create, FileAccess.ReadWrite))
{
    store.Save(filestream, password.ToCharArray(), new SecureRandom());
}
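As an added diagnostic (not part of the original answer), the following C# loads a .p12 the way the generator above is meant to produce it and checks the three things the fix depends on before the file is handed to SslStream: a leaf entry that carries a private key, a key that actually belongs to that certificate, and an issuer present in the bundle so the chain can be built from the file alone. The path, password and RSA key type are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class P12Check
{
    // Returns the certificate to pass to SslStream.AuthenticateAsServer, or throws
    // with a message saying which part of the .p12 is missing or inconsistent.
    public static X509Certificate2 LoadServerCert(string p12Path, string password)
    {
        // Import every entry in the file (leaf and CA), not just the first certificate
        var bundle = new X509Certificate2Collection();
        bundle.Import(p12Path, password, X509KeyStorageFlags.DefaultKeySet);

        X509Certificate2 leaf = null;
        foreach (X509Certificate2 c in bundle)
            if (c.HasPrivateKey) { leaf = c; break; }
        if (leaf == null)
            throw new InvalidOperationException("no entry in the .p12 carries a private key");

        // HasPrivateKey only says a key entry exists; prove it matches this certificate (RSA assumed)
        using (RSA priv = leaf.GetRSAPrivateKey())
        using (RSA pub = leaf.GetRSAPublicKey())
        {
            byte[] probe = Encoding.ASCII.GetBytes("p12-self-test");
            byte[] sig = priv.SignData(probe, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            if (!pub.VerifyData(probe, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                throw new InvalidOperationException("private key does not belong to the certificate");
        }

        // The issuer must come from the bundle itself: a private root is tolerated,
        // a missing issuer (partial chain) is reported as an error
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.AddRange(bundle);
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!chain.Build(leaf))
                throw new InvalidOperationException("chain incomplete: " +
                    string.Join("; ", chain.ChainStatus.Select(s => s.StatusInformation.Trim())));
        }
        return leaf;
    }

    static void Main()
    {
        // Placeholder path and password; substitute the generator's output
        var cert = LoadServerCert(@"C:\path\to\server.p12", "PLACEHOLDER_PASSWORD");
        Console.WriteLine("p12 OK: " + cert.Subject);
    }
}
```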