如何直接在Kestrel中使用PEM证书？ [英] How to use PEM certificate in Kestrel directly?

问题描述

我想在我的ASP.Net Core 2.0（带有Kestrel Web服务器）应用程序中使用HTTPS。

I want to use HTTPS in my ASP.Net Core 2.0 (with Kestrel web server) application.

官方文档使用pfx格式，但我想直接使用 PEM 格式（由让我们加密生成），而无需进行任何转换（至少没有任何转换）在我的C＃代码之外）。

The official documentation uses pfx format, but I want to use PEM format (generated from Let's encrypt) directly without any conversion (at least nothing outside my C# code). Is is possible?

推荐答案

简短的答案是，你做不到。至少，您不能不做大量工作或使用类似Bouncy Castle的工具。

The short answer is that you can't. At least, you can't without a whole lot of work or using something like Bouncy Castle.

当将证书和密钥放到PFX中时，X509Certificate2对象将具有 cert.HasPrivateKey == true ，并且能够通过 Get [Algorithm] PrivateKey 使用私钥扩展方法家族。当您加载PEM证书时，只会加载公共证书部分（如果它是粘贴了PEM密钥的PEM证书？那仍然只是PEM证书）。

When the cert and the key are put together into a PFX the X509Certificate2 object will have cert.HasPrivateKey == true, and is capable of using the private key via the Get[Algorithm]PrivateKey extension method family. When you load a PEM certificate only the public certificate portion is loaded (and if it's a PEM certificate with a PEM key glued onto it? That's still just a PEM certificate).

获取与证书关联的私钥的简单方法是使用新的扩展名（在.NET Core 2.0中） certWithKey = cert.CopyWithPrivateKey（key）。因此，现在您只是需要加载私钥。 .NET当前不具备加载（或保存）。key文件的能力（无论其扩展名如何）。如果您想在加载时有所作为，则可能需要检查一些现有技术：

The easy way to get a private key associated with a certificate is with the new (in .NET Core 2.0) certWithKey = cert.CopyWithPrivateKey(key) extension method family. So now you "just" need to load the private key. .NET does not currently have the ability to load (or save) ".key" files (no matter what their extension). If you want to take a crack at loading one you might want to check some prior art:

• 如何在C＃中解析（转换为RSAParameters）X.509私钥？


• 使用C＃中的RSA私钥文件创建RSACryptoServiceProvider对象


• 如何在pem证书中加密私钥？


• 将X509证书中的私钥/公钥导出到PEM

• How to parse(Convert to RSAParameters) X.509 private key in C#?
• Create RSACryptoServiceProvider object using RSA private key file in C#
• How is a private key encrypted in a pem certificate?
• Export private/public keys from X509 certificate to PEM

好消息是.NET计划支持将来加载密钥（ https://github.com/dotnet/corefx/issues/20414 ），但由于尚未完成（发布的内容要少得多），目前无济于事。

The good news is that .NET is planning to support loading keys in the future (https://github.com/dotnet/corefx/issues/20414), but since it isn't done yet (much less released) that doesn't help you right now.

这篇关于如何直接在Kestrel中使用PEM证书？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！