如何使用 c# 从 Root-CA-Cert 证书 (x509) 链中获取详细信息? [英] How can I Get the details from Root-CA-Cert certificate (x509) chain using c#?

问题描述

假设我有三个证书(Base64 格式)

Let's say I have three certificates (in Base64 format)

Root
 |
 --- CA
     |
     --- Cert (client/signing/whatever)

如何从 C# 中的证书链中获取数据?(所有这三个证书都可能在我的计算机证书商店中)

How can I Get the data from certificate chain in C#? (All those three certs may be in my computer cert store)

如何使用 c# 从 Root-CA-Cert 证书 (x509) 链中获取详细信息?

How can I Get the details from Root-CA-Cert certificate (x509) chain using c#?

推荐答案

How can I Get the data from certificate chain in C#? 
...
How can I Get the details from Root-CA-Cert certificate (x509) chain using c#?

您可以使用 .Net 的 X509 证书类.它有像GetCertHash、GetPublicKey、GetSerialNumber、GetEffectiveDateString(即notBefore)、GetExpirationDateString(即 notAfter)；以及 Issuer 和 Subject 等属性.

You can use .Net's X509Certificate Class. It has methods like GetCertHash, GetPublicKey, GetSerialNumber, GetEffectiveDateString (i.e., notBefore), GetExpirationDateString (i.e., notAfter); and properties like Issuer and Subject.

出于显示信息的目的，根证书、中间证书或服务器证书之间没有区别.CA 只是自签名(一些手动放弃)，这意味着 Issuer 和 Subject 是相同的.您还可以将您的信任植根于中间件，这不会是自签名的.对于中间证书和服务器证书，Issuer 和 Subject 可能会有所不同.

For the purposes of displaying information, there is no difference between a root certificate, intermediate certificate or server certificate. A CA is just self signed (some hand waiving), which means the Issuer and Subject are the same. You can also root your trust in an intermediate, and that would not be self signed. With intermediate and server certificates, the Issuer and Subject will likely be different.

此外，这可能是一个更好的可视化:

Also, this is probably a better visualization:

Root or CA
 |
 --- Intermediate
     |
     --- Server (client/signing/whatever)

这篇关于如何使用 c# 从 Root-CA-Cert 证书 (x509) 链中获取详细信息?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！