将证书转换为 pfx 或 p12 文件格式 [英] Convert cert to pfx or p12 file format

问题描述

在 Windows Server 2016 上使用 powershell 将 .crt、.csr 和 .key 文件转换为 .pfx 或 .p12.

Convert .crt, .csr, and .key files to .pfx or .p12 using powershell on Windows server 2016.

我有 .cert、.csr 和 .key 文件.但是为了执行netsh http add sslcert ..."命令，我需要 .pfx 或 .p12 文件.我需要在 powershell 中完成此操作.Openssl 不是一个选项.

I have .cert, .csr, and .key files. But in order to execute the "netsh http add sslcert ..." command, I need the .pfx or .p12 file. And I need this to be done in powershell. Openssl is not an option.

我已经使用 openssl 完成了上述操作.但我现在不能下载软件，所以这不再是一种选择.我在 powershell 中寻找等效于 openssl pkcs12 -export -out domain.name.pfx -inkey key.key -in cert.crt 命令.

I have accomplished the above using openssl. But Im restricted from downloading software now, so thats not an option any more. Im looking for equivalent of openssl pkcs12 -export -out domain.name.pfx -inkey key.key -in cert.crt command in powershell.

推荐答案

如果您可以使用 .NET Core 3.0:

If you can use .NET Core 3.0:

• 通过cert = new X509Certificate2(certFile)
加载证书
• 如果密钥文件是 PEM 编码的(例如以----- BEGIN"开头)然后加载它，记住它是什么类型(人或软件)，找到页眉和页脚之间的 base64 内容，然后运行通过 Convert.FromBase64String 获取密钥的 BER/DER 编码格式.
• key = RSA.Create()
• key.ImportPkcs8PrivateKey(bytes, out _), key.ImportEncryptedPkcs8PrivateKey(password, bytes, out _) 或 key.ImportRSAPrivateKey(bytes, out_);取决于私钥文件的格式.
• certWithKey = cert.CopyWithPrivateKey(key)
• File.WriteAllBytes("new.pfx", certWithKey.Export(X509ContentType.Pkcs12, password))

• Load the certificate via cert = new X509Certificate2(certFile)
• If the keyfile is PEM encoded (e.g. starts with "----- BEGIN ") then load it, remember what type it is (human or software), find the base64 contents between the header and footer, and run that through Convert.FromBase64String to get the BER/DER encoded format of the key.
• key = RSA.Create()
• key.ImportPkcs8PrivateKey(bytes, out _), key.ImportEncryptedPkcs8PrivateKey(password, bytes, out _), or key.ImportRSAPrivateKey(bytes, out _); depending on what format the private key file is in.
• certWithKey = cert.CopyWithPrivateKey(key)
• File.WriteAllBytes("new.pfx", certWithKey.Export(X509ContentType.Pkcs12, password))

如果您可以使用 .NET Core 2.1/.NET Framework 4.7.2:

If you can use .NET Core 2.1 / .NET Framework 4.7.2:

• 加载证书，如上.
• 手动加载密钥:
  • RSA私钥
    • 如何仅在 c# 中获取 RSACryptoServiceProvider 公钥和私钥
    • 如何在 C# 中解析(转换为 RSAParameters)X.509 私钥?
    • 不使用 BouncyCastle 的 C# 数字签名
    • X509Certificate2.Import with NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG(ImportEncryptedPkcs8Overwrite 方法)
    • X509Certificate2.Import with NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG (ImportEncryptedPkcs8Overwrite method)

    如果您坚持使用较旧的东西:

    If you're stuck on something older:

    您可以尝试加载证书，手动将密钥加载到 RSACryptoServiceProvider，使用 cert.set_PrivateKey，然后导出.仅适用于 .NET Framework(从 .NET Core 中消除，因为它有太多副作用，尤其是对已存在于持久证书存储中的证书进行处理时).

    You could try loading the cert, manually loading the key into an RSACryptoServiceProvider, using cert.set_PrivateKey, and exporting that. Only works on .NET Framework (eliminated from .NET Core because it has too many side effects, especially when done to a cert already in a persisted certificate store).

    这篇关于将证书转换为 pfx 或 p12 文件格式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！