C#枚举TLS证书支持的所有主机名
我已经使用了一段时间来枚举机器上的所有TLS证书(在代码中验证重定向到SSL是否有效,并在证书丢失时发出警告)。我有下面的列表函数,它可以帮助我诊断问题,比如我现在遇到的问题,但我似乎找不到我需要的数据:C#枚举TLS证书支持的所有主机名,c#,ssl,x509,x509certificate2,C#,Ssl,X509,X509certificate2,我已经使用了一段时间来枚举机器上的所有TLS证书(在代码中验证重定向到SSL是否有效,并在证书丢失时发出警告)。我有下面的列表函数,它可以帮助我诊断问题,比如我现在遇到的问题,但我似乎找不到我需要的数据: System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(System.Security
System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine);
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadOnly);
DateTime utcNow = DateTime.UtcNow;
foreach (System.Security.Cryptography.X509Certificates.X509Certificate2 mCert in store.Certificates)
{
writer.WriteStartElement("certificate");
writer.WriteAttributeString("friendlyName", mCert.FriendlyName);
writer.WriteAttributeString("subjectName", mCert.SubjectName.Name);
writer.WriteAttributeString("subject", mCert.Subject);
writer.WriteAttributeString("simpleName", mCert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false));
writer.WriteAttributeString("dnsName", mCert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.DnsName, false));
writer.WriteAttributeString("certhash", mCert.GetCertHashString());
writer.WriteAttributeString("effectivedate", mCert.GetEffectiveDateString());
writer.WriteAttributeString("expirationdate", mCert.GetExpirationDateString());
writer.WriteAttributeString("format", mCert.GetFormat());
writer.WriteAttributeString("keyalgorithm", mCert.GetKeyAlgorithm());
writer.WriteAttributeString("publickey", mCert.GetPublicKeyString());
writer.WriteAttributeString("serialnumber", mCert.SerialNumber);
writer.WriteAttributeString("hasprivatekey", XmlConvert.ToString(mCert.HasPrivateKey));
writer.WriteAttributeString("issuer", mCert.Issuer);
// NOTE: X509Certificate2 as provided by .NET uses local datetimes, so we need to convert them to the sane choice of UTC here
writer.WriteAttributeString("notafterutc", XmlConvert.ToString(mCert.NotAfter.ToUniversalTime(), XmlDateTimeSerializationMode.Utc));
writer.WriteAttributeString("notbeforeutc", XmlConvert.ToString(mCert.NotBefore.ToUniversalTime(), XmlDateTimeSerializationMode.Utc));
writer.WriteAttributeString("validnow", XmlConvert.ToString(mCert.NotBefore.ToUniversalTime() < utcNow && utcNow < mCert.NotAfter.ToUniversalTime()));
writer.WriteAttributeString("timeuntilexpiration", XmlConvert.ToString(mCert.NotAfter.ToUniversalTime() - utcNow));
writer.WriteAttributeString("thumbprint", mCert.Thumbprint);
writer.WriteAttributeString("version", mCert.Version.ToString());
writer.WriteEndElement(); // certificate
}
writer.WriteEndElement(); // certificates
writer.WriteEndResponse();
System.Security.Cryptography.X509Certificates.X509Store=new System.Security.Cryptography.X509Certificates.X509Store(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine);
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadOnly);
DateTime utcNow=DateTime.utcNow;
foreach(System.Security.Cryptography.X509Certificates.X509Certificate2 mCert-in-store.Certificates)
{
编写人。书面声明(“证书”);
WriteAttributeString(“friendlyName”,mCert.friendlyName);
WriteAttributeString(“subjectName”,mCert.subjectName.Name);
WriteAttributeString(“主题”,mCert.subject);
WriteAttributeString(“simpleName”,mCert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.simpleName,false));
WriteAttributeString(“dnsName”,mCert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.dnsName,false));
WriteAttributeString(“certhash”,mCert.GetCertHashString());
WriteAttributeString(“effectivedate”,mCert.GetEffectiveDateString());
WriteAttributeString(“expirationdate”,mCert.GetExpirationDateString());
WriteAttributeString(“format”,mCert.GetFormat());
WriteAttributeString(“keyalgorithm”,mCert.GetKeyAlgorithm());
WriteAttributeString(“publickey”,mCert.GetPublicKeyString());
WriteAttributeString(“serialnumber”,mCert.serialnumber);
WriteAttributeString(“hasprivatekey”,XmlConvert.ToString(mCert.hasprivatekey));
WriteAttributeString(“发卡行”,mCert.发卡行);
//注:由.NET提供的X509Certificate2使用本地日期时间,因此我们需要在此处将其转换为UTC的合理选择
WriteAttributeString(“notafterutc”,XmlConvert.ToString(mCert.NotAfter.ToUniversalTime(),XmlDateTimeSerializationMode.Utc));
WriteAttributeString(“notbeforeTutc”,XmlConvert.ToString(mCert.NotBefore.ToUniversalTime(),XmlDateTimeSerializationMode.Utc));
WriteAttributeString(“validnow”,XmlConvert.ToString(mCert.NotBefore.ToUniversalTime()
由于希望在同一IP地址上支持新的备用主机名,我们最近切换到使用具有多个主机的UCC证书。不幸的是,上面的代码似乎看不到证书“Subject alternative Name”字段中指定的任何替代主机名(UCC证书用于指定多个主机的名称),并且我很难找到允许我访问此数据的属性或函数
简言之,是否有人知道如何使用C#?从本地安装的证书的“Subject Alternative Name”字段中获取受支持的主机名列表,而不是作为单独的列表,而是作为单个列表—只需找到Subject Alternative names extension并调用
。Format(bool multiLine)
方法:
var sanNames = String.Empty;
var san = mCert.Extensions["2.5.29.17"];
if (san != null) {
sanNames = san.Format(false);
}
if (!String.IsNullOrEmpty(sanNames)) {// write sanNames variable to XML}
詹姆斯编辑:以下是完整的修改:
System.Security.Cryptography.X509Certificates.X509Extension uccSan = mCert.Extensions["2.5.29.17"];
if (uccSan != null)
{
foreach (string nvp in uccSan.Format(true).Split(new string[] { Environment.NewLine }, StringSplitOptions.RemoveEmptyEntries))
{
writer.WriteStartElement("alternateName");
string[] parts = nvp.Split('=');
string name = parts[0];
string value = (parts.Length > 0) ? parts[1] : null;
writer.WriteAttributeString("type", name);
writer.WriteAttributeString("value", value);
writer.WriteEndElement(); // alternateName
}
}
你真的是加密人!非常感谢!神奇的
2.5.29.17
ip地址是什么?这是从哪里来的?@Brondahl这不是一个ip地址,它是一个OID-see