X509 商店无法通过序列号找到证书 [英] X509 store can not find certificate by SerialNumber

问题描述

我需要通过序列号获取 X509 证书，我有序列号，我正在遍历它们，我在我需要的集合中看到了序列号，但从未找到.

I need to get a X509 Certificate by Serial Number, I have the serial number and I am looping through them and i see the serial number in the collection I need but it is never found.

这是我的调试代码，只是为了确保我看到的是正确的序列号:

Here is my debug code just ot make sure I am seeing the proper serial numbers:

X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadOnly);

            foreach (X509Certificate2 cert in store.Certificates)
            {
                System.Web.HttpContext.Current.Response.Write (cert.SerialNumber + "=" + oauthCertificateFindValue + "<br/>");
                if (cert.SerialNumber == oauthCertificateFindValue)
                {
                    System.Web.HttpContext.Current.Response.Write("<br/>FOUND FOUND FOUND<br/>");
                }
            }

这是这段代码的输出:

0091ED5F0CAED6AD52‎‎=0091ED5F0CAED6AD52
3D3233116A894CB244DB359DF99E7862=0091ED5F0CAED6AD52

显然，我循环的第一个匹配序列号但 if 总是失败，我真正需要基于此序列号工作的也失败:

Clearly the first one I loop though matches the serial number but the if always fails and what I really need to work based on this serial number also fails:

   X509Certificate2Collection certificateCollection = store.Certificates.Find(x509FindType, oauthCertificateFindValue, false);

   if (certificateCollection.Count == 0)
                {
                    throw new ApplicationException(string.Format("An OAuth certificate matching the X509FindType '{0}' and Value '{1}' cannot be found in the local certificate store.", oauthCertificateFindType, oauthCertificateFindValue));
                }

     return certificateCollection[0];

我在这里做错了什么?

推荐答案

您尝试查找的证书的证书序列号中似乎有两个不可见字符，这就是它们不匹配的原因.如果您将 foreach 循环的输出更改为:

It would appear that there are two invisible characters in the certificate serial number of the certificate you're trying to find, which is why they aren't matching. You should be able to confirm this if you change the output from your foreach loop to:

System.Web.HttpContext.Current.Response.Write (string.Format("{0} (Length: {1}) = {2} (Length: {3})<br/>", cert.SerialNumber, cert.SerialNumber.Length oauthCertificateFindValue, oauthCertificateFindValue.Length);

您很可能会看到这些值看起来相同，但它们的长度不同(表明存在这些不可见字符).

You'll most likely see that the values look the same, but their lengths differ (indicating the presence of these invisible characters).

您需要更新搜索值以匹配证书的序列号，包括不可见字符.

You will need to update your search value to match the certificate's serial number including the invisible characters.

这篇关于X509 商店无法通过序列号找到证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！