Fatal编程技术网
  • csharp/
  • C# 如何创建X.509证书

C# 如何创建X.509证书

c#

C# 如何创建X.509证书,c#,x509certificate,bouncycastle,C#,X509certificate,Bouncycastle,使用bouncy castle,我创建了一个X.509v3证书,我使用了以下代码: { X509Certificate2 cerca= creer_ca("CA_certifcate"); // creer_ca is a function that create the autority Console.WriteLine("create a certificaet RSA signed by CA_certificate "); var kpgen = ne

使用bouncy castle,我创建了一个X.509v3证书,我使用了以下代码:

{

  X509Certificate2 cerca= creer_ca("CA_certifcate"); // creer_ca is a function that create the autority

Console.WriteLine("create a certificaet RSA signed by CA_certificate ");

            var kpgen = new RsaKeyPairGenerator();

            kpgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));

            var cerKp = kpgen.GenerateKeyPair();

            //champs certificat

            string certSubjectName = "test_RSA";
            var certName = new X509Name("CN="+certSubjectName);               
            var serialNo = BigInteger.ProbablePrime(120, new Random());

            X509V3CertificateGenerator gen2 = new X509V3CertificateGenerator();
            gen2.SetSerialNumber(serialNo);
            gen2.SetSubjectDN(certName);
            gen2.SetIssuerDN(new X509Name(true, cerca.Subject)); // le nom de l'autorité
            gen2.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(30, 0, 0, 0)));
            gen2.SetNotAfter(DateTime.Now.AddYears(2));
            gen2.SetSignatureAlgorithm("sha512WithRSA");

            gen2.SetPublicKey(cerKp.Public);


            AsymmetricCipherKeyPair akp = DotNetUtilities.GetKeyPair(cerca.PrivateKey);
            Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(akp.Private);
            // used for getting a private key    
            X509Certificate2 userCert = ConvertToWindows(newCert, cerKp);

            byte[] cert = DotNetUtilities.ToX509Certificate(newCert).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, "password");
            var certif = new X509Certificate2(cert, "password");

            X509Store store = new X509Store("Root", StoreLocation.CurrentUser); 
            store.Open(OpenFlags.ReadWrite);
            store.Add(certif);
}
显示证书时,将显示以下消息(以常规角度)

意思是

Windows does not have sufficient information to verify the certificate
为了创建权限,我使用makecert如下所示:

public static X509Certificate2 creer_ca(string ca_name)
    {


  try
  {
     Process.Start("makecert.exe", "-r -pe -n \"O=" + ca_name + ",CN=" + ca_name + " \" -ss Root -sky exchange -sp \"Microsoft RSA Schannel Cryptographic Provider\" -sy 12 -len 2048 -a sha1 certificat_" + ca_name+ ".cer");
  }
  catch
  {
      Console.WriteLine("echec création de l'autorité");
  }

  X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);

  store.Open(OpenFlags.ReadWrite);

  X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
  X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);


    X509Certificate2 certificateR = new X509Certificate2();

  bool trouvé = false;




  foreach (X509Certificate2 x509 in fcollection)
  {
      if (x509.GetNameInfo(X509NameType.SimpleName, true) == ca_name)
      {
          trouvé = true;
          certificateR = x509;

          break;
      }
  }

  store.Close();

  X509Certificate2 caCert = new X509Certificate2();

         if (trouvé == false)

            {

              Console.WriteLine ("le certificat de nom " + ca_name+ " n'a pas été trouvé");
                }

            else
            { 

            Console.WriteLine ("le certificat de nom " + ca_name+ " a été trouvé");


            caCert= certificateR;


        }
         return (caCert); //the authority is created succesfully,

     }
请提供帮助。

证书是在同一台计算机上创建和使用的吗?您不需要“new X509Certificate2()”调用,因为您只需将这些调用丢弃即可。您在CertMgr.msc中的证书路径选项卡上看到了什么?证书是在同一台计算机上创建和使用的吗?您不需要“new X509Certificate2()”调用,因为您只需将这些调用丢弃即可。您在CertMgr.msc中的证书路径选项卡上看到了什么? 
public static X509Certificate2 creer_ca(string ca_name)
    {


  try
  {
     Process.Start("makecert.exe", "-r -pe -n \"O=" + ca_name + ",CN=" + ca_name + " \" -ss Root -sky exchange -sp \"Microsoft RSA Schannel Cryptographic Provider\" -sy 12 -len 2048 -a sha1 certificat_" + ca_name+ ".cer");
  }
  catch
  {
      Console.WriteLine("echec création de l'autorité");
  }

  X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);

  store.Open(OpenFlags.ReadWrite);

  X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
  X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);


    X509Certificate2 certificateR = new X509Certificate2();

  bool trouvé = false;




  foreach (X509Certificate2 x509 in fcollection)
  {
      if (x509.GetNameInfo(X509NameType.SimpleName, true) == ca_name)
      {
          trouvé = true;
          certificateR = x509;

          break;
      }
  }

  store.Close();

  X509Certificate2 caCert = new X509Certificate2();

         if (trouvé == false)

            {

              Console.WriteLine ("le certificat de nom " + ca_name+ " n'a pas été trouvé");
                }

            else
            { 

            Console.WriteLine ("le certificat de nom " + ca_name+ " a été trouvé");


            caCert= certificateR;


        }
         return (caCert); //the authority is created succesfully,

     }