使用自签名证书 [英] Using self-signed certificates

问题描述

我有这样的代码：

X509Chain x509Chain = new X509Chain();
x509Chain.ChainPolicy.ExtraStore.Add(certificate1);
x509Chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
x509Chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
x509Chain.Build(certificate2);

foreach (X509ChainElement x509ChainElement in x509Chain.ChainElements)
{
    Log("Name: " + x509ChainElement.Certificate.GetNameInfo(X509NameType.SimpleName, false));
    foreach (X509ChainStatus x509ChainStatus in x509ChainElement.ChainElementStatus)
        Log("status: " + x509ChainStatus.StatusInformation);
    if (x509ChainElement.ChainElementStatus.Length != 0 && (x509ChainElement.Certificate.Thumbprint != certificate1.Thumbprint))// || x509ChainElement.ChainElementStatus[0].Status != X509ChainStatusFlags.UntrustedRoot))
                    return false;
}

我不能设法得到它来安装证书，如果它是自-signed（或至少我认为它不得到安装）。在状态日志消息我得到这样的：

I can't manage to get it to install the certificate if it is self-signed (or at least I think it doesnt get installed). On the status log message I get this:

一个证书链处理，但在根证书
终止其不被信任受信任提供

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider

我怎么能忽略检查？

推荐答案

设置政策的标志包含的 AllowUnknownCertificateAuthority 。

Set up the policy flags to include AllowUnknownCertificateAuthority.

这篇关于使用自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！