如何呈现证书“链”在SslStream中验证AsAsAsServer [英] Howto present a certificate "chain" to AuthenticateAsServer in SslStream
问题描述
Hello Forum
方法 来自SslStream的AuthenticateAsServer不幸只接受一个证书。
我创建了一个pfx文件,其中包含我的证书和所有中间证书作为链。我可以使用 X509Certificate2Collection加载此文件。但是,我如何将此链传递给SslStream,以便TLS向客户端呈现链而不是
只有一个证书。显然,如果我在客户端导入pfx文件,一切正常。但由于TLS允许将完整链传递给客户端,因此通常不需要客户端导入pfx文件。
假设serverCertificateChain的类型为X509Certificate2Collection
我希望如下:
SslStream ssl = new SslStream(cl.GetStream());
ssl.AuthenticateAsServer(serverCertificateChain);
您好Stefan_Ulm,
感谢您在此发帖。
很抱歉。根据我的搜索,SslStream.AuthenticateAsServer方法仅支持单个证书。
最好的问候,
Wendy
Hello Forum
The method AuthenticateAsServer from SslStream unfortunately only accepts a single certificate.
I created a pfx-file which contains my certificates and all intermediate certificates as a chain. I can load this file with X509Certificate2Collection. But how do I pass this chain to a SslStream so that TLS presents the chain and not only a single certificate to the client. Obviously if I import the pfx-file on the client side, everything works fine. But as TLS allows to pass the complete chain to the client it is normally not required to client to import the pfx-file.
Assuming serverCertificateChain is of type X509Certificate2Collection
I would expect something like:
SslStream ssl = new SslStream(cl.GetStream()); ssl.AuthenticateAsServer(serverCertificateChain);
Hi Stefan_Ulm,
Thank you for posting here.
Sorry for that. Based on my search, the SslStream.AuthenticateAsServer method only support a single certificate.
Best Regards,
Wendy
这篇关于如何呈现证书“链”在SslStream中验证AsAsAsServer的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!