如何在 Kestrel 中直接使用 PEM 证书? [英] How to use PEM certificate in Kestrel directly?
问题描述
我想在我的 ASP.Net Core 2.0(带有 Kestrel Web 服务器)应用程序中使用 HTTPS.
I want to use HTTPS in my ASP.Net Core 2.0 (with Kestrel web server) application.
官方文档使用pfx 格式,但我想直接使用 PEM 格式(从 Let's encrypt 生成)没有任何转换(至少在我的 C# 代码之外没有任何内容).有可能吗?
The official documentation uses pfx format, but I want to use PEM format (generated from Let's encrypt) directly without any conversion (at least nothing outside my C# code). Is is possible?
推荐答案
简短的回答是你不能.至少,你不能没有大量的工作或使用像 Bouncy Castle 这样的东西.
The short answer is that you can't. At least, you can't without a whole lot of work or using something like Bouncy Castle.
当证书和密钥一起放入 PFX 时,X509Certificate2 对象将具有 cert.HasPrivateKey == true,并且能够通过 Get[Algorithm 使用私钥]PrivateKey 扩展方法族.当您加载 PEM 证书时,仅加载公共证书部分(如果它是粘贴了 PEM 密钥的 PEM 证书?那仍然只是 PEM 证书).
When the cert and the key are put together into a PFX the X509Certificate2 object will have cert.HasPrivateKey == true, and is capable of using the private key via the Get[Algorithm]PrivateKey extension method family. When you load a PEM certificate only the public certificate portion is loaded (and if it's a PEM certificate with a PEM key glued onto it? That's still just a PEM certificate).
获取与证书关联的私钥的简单方法是使用新的(在 .NET Core 2.0 中)certWithKey = cert.CopyWithPrivateKey(key) 扩展方法系列.所以现在你只"需要加载私钥..NET 当前无法加载(或保存).key"文件(无论它们的扩展名是什么).如果您想尝试加载一个,您可能需要检查一些现有技术:
The easy way to get a private key associated with a certificate is with the new (in .NET Core 2.0) certWithKey = cert.CopyWithPrivateKey(key) extension method family. So now you "just" need to load the private key. .NET does not currently have the ability to load (or save) ".key" files (no matter what their extension). If you want to take a crack at loading one you might want to check some prior art:
- 如何在 C# 中解析(转换为 RSAParameters)X.509 私钥?
- 在 C# 中使用 RSA 私钥文件创建 RSACryptoServiceProvider 对象
- pem证书中的私钥如何加密?
- 将私钥/公钥从 X509 证书导出到 PEM
好消息是 .NET 计划在未来支持加载密钥(https:///github.com/dotnet/corefx/issues/20414),但由于它还没有完成(更不用说发布了),所以现在对你没有帮助.
The good news is that .NET is planning to support loading keys in the future (https://github.com/dotnet/corefx/issues/20414), but since it isn't done yet (much less released) that doesn't help you right now.
这篇关于如何在 Kestrel 中直接使用 PEM 证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
