我在网上搜索了一下,找到了很多从.net文件中生成新x509Certificate2的示例,但没有一个示例可以展示如何在.net中从头生成一个全新的x509Certificate2。
有没有人可以告诉我怎么用.net来做?
非常感谢。
发布于 2012-02-12 23:37:44
下面是你可以使用的代码:
static X509Certificate2 GenerateCertificate(string certName)
{
var keypairgen = new RsaKeyPairGenerator();
keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
var keypair = keypairgen.GenerateKeyPair();
var gen = new X509V3CertificateGenerator();
var CN = new X509Name("CN=" + certName);
var SN = BigInteger.ProbablePrime(120, new Random());
gen.SetSerialNumber(SN);
gen.SetSubjectDN(CN);
gen.SetIssuerDN(CN);
gen.SetNotAfter(DateTime.MaxValue);
gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
gen.SetSignatureAlgorithm("MD5WithRSA");
gen.SetPublicKey(keypair.Public);
var newCert = gen.Generate(keypair.Private);
return new X509Certificate2(DotNetUtilities.ToX509Certificate((Org.BouncyCastle.X509.X509Certificate)newCert));
}
要实现此功能,请不要忘记添加对BouncyCastle library的引用
发布于 2019-04-05 18:42:19
打开ssl以创建x509证书
1.从以下链接下载Win64 Openssl。(Win64 OpenSSL v1.1.0j - 37mb安装程序) URL - https://slproweb.com/products/Win32OpenSSL.html
2.安装后设置系统path环境变量(path= C:\OpenSSL-Win64\bin)
3.打开命令提示符,将目录更改为桌面。
4.创建密钥的命令: Private:openssl req -x509 -days 365 -newkey rsa:2048 -keyout cert-key.pem -out cert.pem
输入命令并按照说明进行操作。
5.现在我们在桌面上有两个文件,分别名为cert-key.pem和cert.pem。要创建.pfx文件,请运行以下命令openssl pkcs12 -export -in cert.pem -inkey cert-key.pem -out x509-cert.pfx
并按照说明操作(输入相同的密码)。
6.创建公钥的命令:openssl pkcs12 -in x509-cert.pfx -clcerts -nokeys -out x509-cert-public.pem
,并按照说明操作。
7.将证书注册到mmc。
发布于 2020-12-12 05:23:43
签出CertificateRequest (名称空间: System.Security.Cryptography.X509Certificates)...
public static X509Certificate2 GenerateSelfSignedCertificate()
{
string secp256r1Oid = "1.2.840.10045.3.1.7"; //oid for prime256v1(7) other identifier: secp256r1
string subjectName = "Self-Signed-Cert-Example";
var ecdsa = ECDsa.Create(ECCurve.CreateFromValue(secp256r1Oid));
var certRequest = new CertificateRequest($"CN={subjectName}", ecdsa, HashAlgorithmName.SHA256);
//add extensions to the request (just as an example)
//add keyUsage
certRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
X509Certificate2 generatedCert = certRequest.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddYears(10)); // generate the cert and sign!
X509Certificate2 pfxGeneratedCert = new X509Certificate2(generatedCert.Export(X509ContentType.Pfx)); //has to be turned into pfx or Windows at least throws a security credentials not found during sslStream.connectAsClient or HttpClient request...
return pfxGeneratedCert;
}
https://stackoverflow.com/questions/2315257
复制相似问题