C# learning tutorial: The generated signed X.509 client certificate is invalid (no certificate chain to its CA)

... X.509 client certificates and issue them using a known CA. First I read the CA certificate from the certificate store, generate a client certificate, and sign it with the CA. Certificate validation then fails with "A certificate chain could not be built to a trusted root authority". As I understand it, this is because the certificate is not linked to the CA. Here is a code sample:

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

// The enclosing class was not shown in the post; the name here is assumed.
public static class ClientCertificateFactory
{
    // kpgen was used but never defined in the post; it is assumed to be an RSA key pair generator.
    private static readonly RsaKeyPairGenerator kpgen = CreateKeyPairGenerator();

    private static RsaKeyPairGenerator CreateKeyPairGenerator()
    {
        var gen = new RsaKeyPairGenerator();
        gen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048));
        return gen;
    }

    public static X509Certificate2 GenerateCertificate(X509Certificate2 caCert, string certSubjectName)
    {
        // Generate the client key pair and certificate
        var cerKp = kpgen.GenerateKeyPair();
        var certName = new X509Name(true, certSubjectName); // subjectName = user
        var serialNo = BigInteger.ProbablePrime(120, new SecureRandom()); // the post used new Random(); a CSPRNG is used here
        var gen2 = new X509V3CertificateGenerator();
        gen2.SetSerialNumber(serialNo);
        gen2.SetSubjectDN(certName);
        gen2.SetIssuerDN(new X509Name(true, caCert.Subject));
        gen2.SetNotAfter(DateTime.Now.AddDays(100));
        gen2.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
        // The post used "SHA1WithRSA"; SHA-1 signatures are rejected by current chain validators.
        gen2.SetSignatureAlgorithm("SHA256WithRSA");
        gen2.SetPublicKey(cerKp.Public);
        // The post named this pair both akp and caKp; one name is used here.
        AsymmetricCipherKeyPair caKp = DotNetUtilities.GetKeyPair(caCert.PrivateKey);
        Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(caKp.Private); // used to get the private key
        X509Certificate2 userCert = ConvertToWindows(newCert, cerKp);

        // X509Certificate2.Verify() builds a chain against the machine's trust stores,
        // so userCert.Verify() fails unless caCert is installed as a trusted root there.
        if (caCert.Verify()) // valid for the CA (the post wrote caCert22)
        {
            if (userCert.Verify()) // fails for the client certificate
            {
                return userCert;
            }
        }
        return null;
    }

    private static X509Certificate2 ConvertToWindows(Org.BouncyCastle.X509.X509Certificate newCert, AsymmetricCipherKeyPair kp)
    {
        string tempStorePwd = "abcd1234";
        var tempStoreFile = new FileInfo(Path.GetTempFileName());
        try
        {
            // Store the key and certificate in a password-protected PKCS#12 file
            {
                var newStore = new Pkcs12Store();
                var certEntry = new X509CertificateEntry(newCert);
                newStore.SetCertificateEntry(newCert.SubjectDN.ToString(), certEntry);
                newStore.SetKeyEntry(newCert.SubjectDN.ToString(), new AsymmetricKeyEntry(kp.Private), new[] { certEntry });
                using (var s = tempStoreFile.Create())
                {
                    newStore.Save(s, tempStorePwd.ToCharArray(), new SecureRandom(new CryptoApiRandomGenerator()));
                }
            }
            // Reload the key and certificate as a Windows X509Certificate2
            return new X509Certificate2(tempStoreFile.FullName, tempStorePwd);
        }
        finally
        {
            tempStoreFile.Delete();
        }
    }
}
```

I figured it out: if X509Certificate.Verify(publicKey) is called, the CA's public key must be passed in the Pkcs10CertificationRequest, not the client's public key.
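The procedure the post is after, as an added example that is not the post's code: it builds a test CA, issues a client certificate under it with the extensions a chain builder needs (BasicConstraints, KeyUsage, Subject/Authority Key Identifier), and then separates the two checks the question runs together: whether the leaf's signature verifies under the CA's public key (BouncyCastle's X509Certificate.Verify(AsymmetricKeyParameter), no trust store involved) and whether .NET can build a chain from the leaf to a trusted root (X509Chain). It assumes the BouncyCastle C# library (Portable.BouncyCastle 1.8.x API) and .NET Core 2.0 or later for X509ChainTrustMode.CustomRootTrust; the helper names (Issue, SignatureVerifies, ToWindowsCert, ChainBuilds), the subject names and the PKCS#12 password are my own and not from the post.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Security.Certificates;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.X509.Extension;
using BcCert = Org.BouncyCastle.X509.X509Certificate;

// Added example, not the post's code; all helper names are hypothetical.
static class CaChainDemo
{
    static readonly SecureRandom Rng = new SecureRandom(new CryptoApiRandomGenerator());

    static AsymmetricCipherKeyPair NewRsaKeyPair()
    {
        var gen = new RsaKeyPairGenerator();
        gen.Init(new KeyGenerationParameters(Rng, 2048));
        return gen.GenerateKeyPair();
    }

    // Issues a certificate for subjectPub, signed with signerKp.Private and naming issuerName as issuer.
    // A self-signed CA is produced by passing the CA's own name and key pair for both roles.
    static BcCert Issue(X509Name issuerName, AsymmetricCipherKeyPair signerKp,
                        X509Name subjectName, AsymmetricKeyParameter subjectPub, bool isCa)
    {
        var gen = new X509V3CertificateGenerator();
        gen.SetSerialNumber(new BigInteger(127, Rng)); // random positive serial, not a prime
        gen.SetIssuerDN(issuerName);
        gen.SetSubjectDN(subjectName);
        gen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
        gen.SetNotAfter(DateTime.UtcNow.AddDays(isCa ? 3650 : 365));
        gen.SetPublicKey(subjectPub);
        // Without BasicConstraints cA=true the chain engine will not accept the CA cert as an issuer.
        gen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(isCa));
        gen.AddExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(isCa ? KeyUsage.KeyCertSign | KeyUsage.CrlSign : KeyUsage.DigitalSignature));
        // SKI/AKI let the chain builder match leaf to issuer by key, not by name alone.
        gen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(subjectPub));
        gen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(signerKp.Public));
        if (!isCa)
            gen.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.IdKPClientAuth));
        return gen.Generate(new Asn1SignatureFactory("SHA256WithRSA", signerKp.Private, Rng));
    }

    // Signature-only check: does the signature on cert verify under issuerPub?
    static bool SignatureVerifies(BcCert cert, AsymmetricKeyParameter issuerPub)
    {
        try { cert.Verify(issuerPub); return true; }
        catch (InvalidKeyException) { return false; }   // key does not match the signature
        catch (CertificateException) { return false; }  // algorithm mismatch or malformed cert
    }

    // PKCS#12 round-trip in memory, so the private key is never written to disk.
    static X509Certificate2 ToWindowsCert(BcCert cert, AsymmetricKeyParameter privateKey, string alias)
    {
        var store = new Pkcs12StoreBuilder().Build();
        var entry = new X509CertificateEntry(cert);
        store.SetCertificateEntry(alias, entry);
        if (privateKey != null)
            store.SetKeyEntry(alias, new AsymmetricKeyEntry(privateKey), new[] { entry });
        using (var ms = new MemoryStream())
        {
            store.Save(ms, "pkcs12-pw".ToCharArray(), Rng); // constructed password for the in-memory blob
            return new X509Certificate2(ms.ToArray(), "pkcs12-pw", X509KeyStorageFlags.Exportable);
        }
    }

    // Chain check that trusts only the supplied CA (CustomRootTrust: .NET Core 2.0+ / .NET 5+).
    static bool ChainBuilds(X509Certificate2 leaf, X509Certificate2 ca, out X509ChainStatus[] status)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // no CRL/OCSP for a local test CA
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            chain.ChainPolicy.CustomTrustStore.Add(ca);
            bool ok = chain.Build(leaf);
            status = chain.ChainStatus;
            return ok;
        }
    }

    static void Main()
    {
        var caKp = NewRsaKeyPair();
        var caName = new X509Name("CN=Example Test CA"); // constructed test subject
        var caCert = Issue(caName, caKp, caName, caKp.Public, isCa: true);

        var userKp = NewRsaKeyPair();
        var userCert = Issue(caName, caKp, new X509Name("CN=user"), userKp.Public, isCa: false);

        Console.WriteLine("leaf signature under CA key:  " + SignatureVerifies(userCert, caKp.Public));
        Console.WriteLine("leaf signature under own key: " + SignatureVerifies(userCert, userKp.Public));

        var winCa = ToWindowsCert(caCert, null, "ca");
        var winUser = ToWindowsCert(userCert, userKp.Private, "user");
        // X509Certificate2.Verify() consults the machine trust stores, not the CA object we hold.
        Console.WriteLine("X509Certificate2.Verify():    " + winUser.Verify());
        Console.WriteLine("chain with CA as custom root: " + ChainBuilds(winUser, winCa, out var status));
        foreach (var s in status)
            Console.WriteLine("  " + s.Status + ": " + s.StatusInformation);
    }
}
```

SignatureVerifies succeeds under caKp.Public and fails under userKp.Public, which is the distinction behind the post's answer: the key handed to Verify must be the signer's, not the subject's. That check says nothing about trust, though. X509Certificate2.Verify() on the leaf still fails until the CA certificate is installed in the machine's Trusted Root store, whereas ChainBuilds succeeds because the CA is trusted explicitly through CustomTrustStore; when a chain does not build, the printed X509ChainStatus entries (UntrustedRoot, PartialChain, NotSignatureValid, NotValidForUsage) identify which link is missing, which the bare bool from Verify() never does.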
