转换证书和私钥在C#编程.PFX [英] Convert Certificate and Private Key to .PFX programatically in C#
问题描述
我有一个成功的LetsEncrypt证书请求输出.cer文件。
我有用于创建LetsEncrypt证书签名请求(CSR)的原始私钥
现在,我们需要以编程方式将这两个文件合并成使用.NET
由于IIS的一个PFX包我们试图做到这一点编程pvk2pfx是不实际的,我们想避免的OpenSSL如果可能的话。
要证明虽然,我们正试图复制这一功能,但使用替代pvk2pfx CS .NET:
pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx
我已经详尽地研究和下面是我看到的可能性:
一个方法好像是用X509Certificate2是这样的:
//导入certficate
X509Certificate2证书=新X509Certificate2(C:\\cert.cer);
//导入私钥
X509Certificate2证书=新X509Certificate2(C:\\key.pvk);
//或导入私钥 - 替代方法
X509DecryptString(令牌,@C:\CA.pvk,输入mypassword);
//导出PFX文件
certificate.Export(X509ContentType.Pfx,你的密码);
File.WriteAllBytes(@C:\YourCert.pfx,certificateData);
下面是一些其他的方法,但所有这些似乎并省略私钥的一部分,也需要pvk2pfx.exe
从证书文件转换为PFX文件
HTTP ://stackoverflow.com/a/4797392/3693688
如何以编程方式创建一个X509Certificate2?
http://www.wiktorzychla.com/2012 /12/how-to-create-x509certificate2.html
选择,创建和Find X509证书:
的 http://www.wou.edu/~rvitolo06/WATK/Demos/ HPCImageRendering /代码/ ImageRendering / AppConfigure / CertHelper.cs
不能导出生成的证书与私钥字节数组
的无法导出生成的证书与私钥字节数组在.NET 4.0 / 4.5
如何以编程方式导入PFX用铁链证书到证书存储。
http://stackoverflow.com/a/9152838/3693688
导入.CER和.pvk证书文件C#编程为使用的netsh的http添加的sslcert
的 https://gist.github.com/BrandonLWhite/235fa12247f6dc827051
方法CER转换为PFX证书
https://gist.github.com/domgreen/988684
任何帮助,不胜感激: - )
编辑1
CryptoGuy建议我们需要这个链接:
的 https://gist.github.com/BrandonLWhite/235fa12247f6dc827051
这是否意味着这样的事情会好?
是必要的CSP部分?
谢谢!
使用System.Security.Cryptography.X509Certificates;
使用System.Security.Cryptography;
VAR公钥= AssemblyUtility.GetEmbeddedFileAsByteArray(Cert.cer);
变种PrivateKey = AssemblyUtility.GetEmbeddedFileAsByteArray(PrivateKey.pvk);
无功证书=新X509Certificate2(公钥,的String.Empty,
X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
变种cspParams =新CspParameters
{
ProviderType = 1,
标志= CspProviderFlags.UseMachineKeyStore,
KeyContainerName = Guid.NewGuid()。toString()方法。ToUpperInvariant( )
};
变种RSA =新的RSACryptoServiceProvider(cspParams);
rsa.ImportCspBlob(ExtractPrivateKeyBlobFromPvk(PrivateKey));
rsa.PersistKeyInCsp = TRUE;
certificate.PrivateKey = RSA;
certificate.Export(X509ContentType.Pfx,你的密码);
File.WriteAllBytes(@C:\YourCert.pfx,certificateData);
CryptoGuy的回答是真正有用的和正确的指出美国。方向
我们仍在努力导入二进制DER文件,但是这个代码固定的:
VAR OC = OpenSSL.X509.X509Certificate.FromDER(生物);
这些页面是有用的:
< A HREF =https://github.com/openssl-net/openssl-net/blob/master/ManagedOpenSsl/X509/X509Certificate.cs相对=nofollow> https://github.com/openssl-net/ OpenSSL的网/ BLOB /主/ ManagedOpenSsl / X509 / X509Certificate.cs
感谢所有您的帮助:)
I have a .cer file output from a successful LetsEncrypt certificate request.
I have the original Private Key used to create the Certificate Signing Request (CSR) for LetsEncrypt.
Now we need to programmatically combine these two files into a PFX bundle for IIS using .NET
Since we are trying to to do this programmatically pvk2pfx is not practical, and we would like to avoid openssl if possible.
To demonstrate though, we are trying to replicate this function but using CS .NET instead of pvk2pfx: pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx
I have researched exhaustively and here are the possibilities I see:
One method seems to be using X509Certificate2 something like:
// Import the certficate
X509Certificate2 cert = new X509Certificate2("c:\\cert.cer");
// Import the private key
X509Certificate2 cert = new X509Certificate2("c:\\key.pvk");
// Or import the private key - Alternative method
X509DecryptString(token, @"c:\CA.pvk", "mypassword");
// Export the PFX file
certificate.Export(X509ContentType.Pfx, "YourPassword");
File.WriteAllBytes(@"C:\YourCert.pfx", certificateData);
Here are some other methods but all of them seem to omit the part about the Private Key or they require pvk2pfx.exe
Conversion from cert file to pfx file http://stackoverflow.com/a/4797392/3693688
How to create a X509Certificate2 programmatically? http://www.wiktorzychla.com/2012/12/how-to-create-x509certificate2.html
Select, Create and Find X509 Certificates: http://www.wou.edu/~rvitolo06/WATK/Demos/HPCImageRendering/code/ImageRendering/AppConfigure/CertHelper.cs
Cannot export generated certificate with private key to byte array Cannot export generated certificate with private key to byte array in .net 4.0/4.5
How to programmatically import a pfx with a chain of certificates into the certificate store. http://stackoverflow.com/a/9152838/3693688
Import .cer and .pvk certificate files programmatically in C# for use with netsh http add sslcert
https://gist.github.com/BrandonLWhite/235fa12247f6dc827051
Method to convert cer to pfx cert https://gist.github.com/domgreen/988684
Any help greatly appreciated :-)
EDIT 1
CryptoGuy suggested we need this link: https://gist.github.com/BrandonLWhite/235fa12247f6dc827051
Does that mean something like this would be good?
Are the CSP parts necessary?
Thanks!
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography;
var PublicKey = AssemblyUtility.GetEmbeddedFileAsByteArray("Cert.cer");
var PrivateKey = AssemblyUtility.GetEmbeddedFileAsByteArray("PrivateKey.pvk");
var certificate = new X509Certificate2(PublicKey, string.Empty,
X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
var cspParams = new CspParameters
{
ProviderType = 1,
Flags = CspProviderFlags.UseMachineKeyStore,
KeyContainerName = Guid.NewGuid().ToString().ToUpperInvariant()
};
var rsa = new RSACryptoServiceProvider(cspParams);
rsa.ImportCspBlob(ExtractPrivateKeyBlobFromPvk(PrivateKey));
rsa.PersistKeyInCsp = true;
certificate.PrivateKey = rsa;
certificate.Export(X509ContentType.Pfx, "YourPassword");
File.WriteAllBytes(@"C:\YourCert.pfx", certificateData);
CryptoGuy's answer was really helpful and pointed us in the right direction.
We were still struggling to import a Binary DER file but this code fixed that:
var oc = OpenSSL.X509.X509Certificate.FromDER(bio);
These pages were useful:
https://github.com/openssl-net/openssl-net/blob/master/ManagedOpenSsl/X509/X509Certificate.cs
Thanks all for your help :)
这篇关于转换证书和私钥在C#编程.PFX的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
