Inserting Certificate (with privatekey) in Root, LocalMachine certificate store fails in .NET 4


Problem description

I'm having problems inserting a new CA certificate with a private key in the Root certificate store of the local machine.

This is what happens:

//This doesn't help either.
new StorePermission (PermissionState.Unrestricted) { Flags = StorePermissionFlags.AddToStore }.Assert();
var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
privkey.PersistKeyInCsp = true;
//This shouldn't be necessary and doesn't make a difference whatsoever.
RSACryptoServiceProvider.UseMachineKeyStore = true;
cert.PrivateKey = privkey;
store.Open (OpenFlags.MaxAllowed);
store.Add (cert);
store.Close ();

The certificate gets inserted and it all looks dandy: (see!)

Note: it says it has a private key.

So you'd say one would be able to find it with FindPrivateKey

C:\Users\Administrator\Desktop>FindPrivateKey.exe Root LocalMachine -t "54 11 b1 f4 31 99 19 d3 5a f0 5f 01 95 fc aa 6f 71 12 13 eb"
FindPrivateKey failed for the following reason:
Unable to obtain private key file name

Use /? option for help 

It's cute .... BUT IT'S WRONG!! (2 stupid dogs reference)

And the Certificate export dialog gives me this very fine message:

This code is run while impersonating an administrator using this snippet: click here

I'd just love to know WHY?

(tested on Windows Server 2008 R2 & Windows 7)

I'll be damned!

It works when I compile it to v3.5!!!!

What to do?

Solution

I had exactly the same problem and the solution turned out to be really simple. All I had to do is to pass

X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet

to X509Certificate2's ctor. Now you are using the DotNetUtilities to convert the BouncyCastle certificate to the .NET one, but the helper method creates the .NET cert with the DefaultKeySet (instead of MachineKeySet + PersistKeySet).

And arrange the private key like this:

var cspParams = new CspParameters
{
      KeyContainerName = Guid.NewGuid().ToString(),
      KeyNumber = (int)KeyNumber.Exchange,
      Flags = CspProviderFlags.UseMachineKeyStore
};

var rsaProvider = new RSACryptoServiceProvider(cspParams);

I hope this helps.
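
An added example, not code from the question or the answer: the two flags the answer names, applied to a PFX import, followed by a read-back check that the key container ended up in the machine key store. It assumes .NET Framework 4, an elevated process, and a PFX path and password passed as arguments (both hypothetical inputs).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class MachineStoreImport
{
    // Usage (elevated prompt): MachineStoreImport.exe <pfxPath> <pfxPassword>
    // Both arguments are assumptions of this example, not values from the post.
    static int Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: MachineStoreImport <pfxPath> <pfxPassword>"); return 2; }

        // MachineKeySet places the key container in the machine key store instead of
        // the calling user's profile; PersistKeySet keeps the container on disk after
        // the X509Certificate2 object is released.
        var flags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
        var cert = new X509Certificate2(args[0], args[1], flags);

        var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            store.Add(cert);

            // Read the certificate back from the store and check where its key lives.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, cert.Thumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey)
            {
                Console.Error.WriteLine("certificate is in the store without a private key link");
                return 1;
            }
            var rsa = found[0].PrivateKey as RSACryptoServiceProvider;
            if (rsa == null || !rsa.CspKeyContainerInfo.MachineKeyStore)
            {
                Console.Error.WriteLine("private key is not in the machine key store");
                return 1;
            }
            Console.WriteLine("OK: container {0} is in the machine key store",
                rsa.CspKeyContainerInfo.KeyContainerName);
            return 0;
        }
        catch (CryptographicException ex)
        {
            // Raised when the store entry points at a container that cannot be opened.
            Console.Error.WriteLine("private key not reachable: " + ex.Message);
            return 1;
        }
        finally { store.Close(); }
    }
}
```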
