在C#中以编程方式将证书和私钥转换为.PFX [英] Convert Certificate and Private Key to .PFX programmatically in C#

问题描述

我有一个来自成功的LetsEncrypt证书请求的.cer文件输出.

I have a .cer file output from a successful LetsEncrypt certificate request.

我拥有用于​​创建LetsEncrypt的证书签名请求(CSR)的原始私钥.

I have the original Private Key used to create the Certificate Signing Request (CSR) for LetsEncrypt.

现在，我们需要使用.NET以编程方式将这两个文件合并为IIS的PFX包

Now we need to programmatically combine these two files into a PFX bundle for IIS using .NET

由于我们正在尝试以编程方式执行此操作，因此pvk2pfx不切实际，因此，如果可能的话，我们希望避免使用openssl.

Since we are trying to to do this programmatically pvk2pfx is not practical, and we would like to avoid openssl if possible.

不过，为了演示，我们试图复制此功能，但使用CS .NET而不是pvk2pfx: pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx

To demonstrate though, we are trying to replicate this function but using CS .NET instead of pvk2pfx: pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx

我已经进行了详尽的研究，这是我看到的可能性:

I have researched exhaustively and here are the possibilities I see:

一种方法似乎正在使用X509Certificate2之类的东西:

One method seems to be using X509Certificate2 something like:

// Import the certificate
X509Certificate2 cert = new X509Certificate2("c:\\cert.cer");

// Import the private key
X509Certificate2 cert = new X509Certificate2("c:\\key.pvk");

// Or import the private key - Alternative method
X509DecryptString(token, @"c:\CA.pvk", "mypassword");

// Export the PFX file
certificate.Export(X509ContentType.Pfx, "YourPassword");
File.WriteAllBytes(@"C:\YourCert.pfx", certificateData);

还有其他一些方法，但是它们似乎都忽略了有关私钥的部分，或者它们需要pvk2pfx.exe

Here are some other methods but all of them seem to omit the part about the Private Key or they require pvk2pfx.exe

从cert文件到pfx文件的转换 https://stackoverflow.com/a/4797392/3693688

Conversion from cert file to pfx file https://stackoverflow.com/a/4797392/3693688

如何以编程方式创建X509Certificate2? http://www.wiktorzychla.com/2012/12/how-to-create-x509certificate2.html

How to create a X509Certificate2 programmatically? http://www.wiktorzychla.com/2012/12/how-to-create-x509certificate2.html

选择，创建和查找X509证书: http://www.wou.edu /~rvitolo06/WATK/Demos/HPCImageRendering/code/ImageRendering/AppConfigure/CertHelper.cs

Select, Create and Find X509 Certificates: http://www.wou.edu/~rvitolo06/WATK/Demos/HPCImageRendering/code/ImageRendering/AppConfigure/CertHelper.cs

无法将带有私钥的生成的证书导出到字节数组 无法导出生成带有私钥的证书，该证书具有.NET 4.0/4.5中的字节数组

Cannot export generated certificate with private key to byte array Cannot export generated certificate with a private key to byte array in .NET 4.0/4.5

如何以编程方式将带有证书链的pfx导入证书存储中. https://stackoverflow.com/a/9152838/3693688

How to programmatically import a pfx with a chain of certificates into the certificate store. https://stackoverflow.com/a/9152838/3693688

以C#编程方式导入.cer和.pvk证书文件，以与netsh http add sslcert一起使用 https://gist.github.com/BrandonLWhite/235fa12247f6dc827051

Import .cer and .pvk certificate files programmatically in C# for use with netsh http add sslcert https://gist.github.com/BrandonLWhite/235fa12247f6dc827051

将cer转换为pfx证书的方法 https://gist.github.com/domgreen/988684

Method to convert cer to pfx cert https://gist.github.com/domgreen/988684

CryptoGuy建议我们需要此链接: https://gist.github.com/BrandonLWhite/235fa12247f6dc827051

CryptoGuy suggested we need this link: https://gist.github.com/BrandonLWhite/235fa12247f6dc827051

这是否意味着类似的东西会很好?

Does that mean something like this would be good?

是否需要CSP零件?

using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography;

    var PublicKey = AssemblyUtility.GetEmbeddedFileAsByteArray("Cert.cer");
    var PrivateKey = AssemblyUtility.GetEmbeddedFileAsByteArray("PrivateKey.pvk");
    var certificate = new X509Certificate2(PublicKey, string.Empty, 
        X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
    var cspParams = new CspParameters
    {
        ProviderType = 1,
        Flags = CspProviderFlags.UseMachineKeyStore,
        KeyContainerName = Guid.NewGuid().ToString().ToUpperInvariant()
    };
    var rsa = new RSACryptoServiceProvider(cspParams);

    rsa.ImportCspBlob(ExtractPrivateKeyBlobFromPvk(PrivateKey));
    rsa.PersistKeyInCsp = true;
    certificate.PrivateKey = rsa;

    certificate.Export(X509ContentType.Pfx, "YourPassword");
    File.WriteAllBytes(@"C:\YourCert.pfx", certificateData);

推荐答案

CryptoGuy的回答确实很有帮助，并为我们指明了正确的方向.

CryptoGuy's answer was really helpful and pointed us in the right direction.

我们仍在努力导入Binary DER文件，但是此代码修复了该问题:

We were still struggling to import a Binary DER file but this code fixed that:

var oc = OpenSSL.X509.X509Certificate.FromDER(bio); 

这些页面很有用:

https://github.com/openssl-net/openssl-net/blob/master/ManagedOpenSsl/X509/X509Certificate.cs

https://msdn.microsoft. com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.rawdata

非常感谢您的帮助:)

这篇关于在C#中以编程方式将证书和私钥转换为.PFX的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！