在计算机上未安装PFX的情况下，使用客户端证书发出HTTP请求? [英] Make HTTP request with client cert without the PFX installed on the machine?

问题描述

我有一个小型控制台应用程序，该应用程序使用客户端证书来创建HttpWebRequest:

I have a small console application that uses a client certificate to make an HttpWebRequest:

X509Certificate Cert = X509Certificate.CreateFromCertFile("JohnDoe.cer");            
HttpWebRequest Request = (HttpWebRequest)
WebRequest.Create("https://10.135.12.166:4434");
Request.ClientCertificates.Add(Cert);
Request.UserAgent = "Client Cert Sample";
Request.Method = "GET";
HttpWebResponse Response = (HttpWebResponse) Request.GetResponse();

当我在计算机上执行此代码时，我将可以访问相应的.pfx文件，并且我相信使用

I will have access to the corresponding .pfx file when I execute this code on my machine, and I believe using something mentioned in this thread I'll be able to install the pfx file on my machine, but I don't want to do this.

有什么方法可以通过请求中附带的pfx证书发出此请求?我的意思是，仅将上述代码中的JohnDoe.cer替换为JohnDoe.pfx，还是类似的东西?

Is there any way by which I'll be able to make this request with the pfx certificate somehow attached in the request? I mean, by just replacing JohnDoe.cer with JohnDoe.pfx in the above code, or something of the sort?

谢谢.

编辑:这个问题的全部目的是我希望使用一种方法而不需要在我的计算机上安装该证书.我可以按照esskar和xaver建议的方式使用它，但是我不想在计算机上安装证书.如果无法做到这一点，那么有人可能会解释为什么我们不能做到这一点吗?

EDIT: The entire point of this question is that I want a way to work with the cert without having to instal it on my computer. I can use it in the manner esskar and xaver suggested, but I don't want to install the cert on my machine. If this isn't possible to do, any chance someone can provide an explanation about why we can't do this?

推荐答案

PFX是可以容纳一个或多个证书的容器.您可以使用以下代码在c#中打开它们

PFX is a container that can hold one or more certificates. You can open them in c# using the following code

X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Import("JohnDoe.pfx", "password-for-pfx", X509KeyStorageFlags.PersistKeySet);

现在遍历集合并找到所需的证书

now iterate over the collection and find the certificate you need

foreach (X509Certificate2 cert in collection)
{
    // work with cert
}

这应该可以帮助您了解！

this should help you know!

问题:

安装是什么意思?将其复制到机器上吗?可以将其放入您的程序中吗?您不能仅使用CER文件，因为CER文件不包含进行客户端身份验证所需的私钥.

what does installing mean? Copying it to the maschine? is it okay, to put it into your programm? you cannot use a CER file only, since the CER file does not contain the private key that you need to do client authentication.

这篇关于在计算机上未安装PFX的情况下，使用客户端证书发出HTTP请求?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！