How to programmatically import a pfx with a chain of certificates into the certificate store?


Question

I am trying to programmatically import an X509 certificate (pfx / PKCS#12) in my local machine's certificate store. This particular certificate has a chain of certificates, the certification path looks something like this:


  • Root Certificate CA

    • Organization Certificate CA

      • Organization 2 Certificate CA

        • My Certificate

        The code I use is as follows:

        cert = new X509Certificate2(pathToCert, password);
        
        if (cert != null)
        {
            var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadWrite);
            if (!store.Certificates.Contains(cert))
            {
                store.Add(cert);
            }
        }
        

        This code does import the certificate, however it seems to ignore the chain. If I check the certificate in the store, the certification path only shows:


        • My Certificate

        However when I import the pfx manually, it does show the full path. Am I skipping a step here, or am I missing some parameter? Can someone shed some light on this?

        Recommended answer

        You should be able to iterate over the certs in your PFX (and import each into the cert store of your choice) by opening the PFX file as an X509Certificate2Collection object.

        Here are the docs on X509Certificate2Collection:

        http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2collection.aspx

        MSDN provides some sample code in that docs page on how to inspect each cert in the collection.

        Once you know the CNs/Issuers/other info about each cert it should be clear which certificate store each one needs to be added to. For that you can use the X509Store class and the StoreName enumeration to specify which store you want to open/add to:

        http://msdn.microsoft.com/zh-cn/library/system.security.cryptography.x509certificates.x509store.aspx

        http://msdn.microsoft.com/zh-cn/library/system.security.cryptography.x509certificates.storename.aspx

        Also see my answer to a similar SO question:

        How to retrieve certificates from a pfx file with C#?

        As mentioned in one of the latest comments on that answer, when you try to import a cert to the current user's Root store ("StoreName.Root" and "StoreLocation.CurrentUser" as the name/location) you will get a popup dialog asking you to confirm.

        To solve that I just added a little MS UI Automation code to my cert import method, to click OK on the prompt.

        Or, as the commenter "CodeWarrior" says in the other SO answer's comment, to avoid the popup dialog you can try putting the root cert into the LocalMachine store instead of CurrentUser.

        Sample code:

        string certPath = @"<YOUR PFX FILE PATH>";
        string certPass = "<YOUR PASSWORD>";
        
        // Create a collection object and populate it using the PFX file
        X509Certificate2Collection collection = new X509Certificate2Collection();
        collection.Import(certPath, certPass, X509KeyStorageFlags.PersistKeySet);
        
        foreach (X509Certificate2 cert in collection)
        {
            Console.WriteLine("Subject is: '{0}'", cert.Subject);
            Console.WriteLine("Issuer is:  '{0}'", cert.Issuer);
        
            // Import the certificate into an X509Store object
        }
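
One way to finish the import loop from the answer above, as an added example that is not part of the original answer: it routes each certificate in the PFX to a LocalMachine store by its role in the chain. The class name, the `PFX_PASSWORD` variable and the thumbprint pin are assumptions, and the subject-equals-issuer test is a heuristic for spotting the root.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class PfxChainImporter   // hypothetical name, not from the page
{
    // Assumption: a root is trusted only if it matches a thumbprint obtained out of band.
    const string ExpectedRootThumbprint = "<EXPECTED ROOT THUMBPRINT>";

    // Picks a LocalMachine store from the certificate's role in the chain.
    static StoreName? ChooseStore(X509Certificate2 cert)
    {
        if (cert.HasPrivateKey) return StoreName.My;               // end-entity cert
        // Heuristic: subject == issuer marks a self-issued (root) certificate.
        bool selfIssued = cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData);
        if (!selfIssued) return StoreName.CertificateAuthority;   // intermediate CA
        // Adding to Root makes the machine trust everything that CA issues.
        bool pinned = string.Equals(cert.Thumbprint, ExpectedRootThumbprint,
                                    StringComparison.OrdinalIgnoreCase);
        return pinned ? StoreName.Root : (StoreName?)null;
    }

    static void Main(string[] args)
    {
        string certPath = args[0];
        // Assumption: password supplied via a PFX_PASSWORD environment variable.
        string certPass = Environment.GetEnvironmentVariable("PFX_PASSWORD");

        var collection = new X509Certificate2Collection();
        // MachineKeySet: key goes to the machine container, matching the LocalMachine store.
        collection.Import(certPath, certPass,
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);

        foreach (X509Certificate2 cert in collection)
        {
            StoreName? target = ChooseStore(cert);
            if (target == null)
            {
                Console.WriteLine("Skipped unpinned root: {0}", cert.Subject);
                continue;
            }
            using (var store = new X509Store(target.Value, StoreLocation.LocalMachine))
            {
                store.Open(OpenFlags.ReadWrite);   // needs an elevated process
                if (!store.Certificates.Contains(cert)) store.Add(cert);
            }
            Console.WriteLine("{0} -> {1}", cert.Subject, target.Value);
        }
    }
}
```

A PFX can carry any self-signed certificate, so the root is written to the trusted Root store only when its thumbprint matches the pinned value; intermediates go to the CertificateAuthority store, which does not by itself confer trust.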
        

