Inserting Certificate (with privatekey) in Root, LocalMachine certificate store fails in .NET 4


Problem description


I'm having problems inserting a new CA certificate with privatekey in the Root certificate store of the localmachine.

This is what happens:

//This doesn't help either.
new StorePermission (PermissionState.Unrestricted) { Flags = StorePermissionFlags.AddToStore }.Assert();
var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
privkey.PersistKeyInCsp = true;
//This shouldn't be necessary, doesn't make a difference whatsoever.
RSACryptoServiceProvider.UseMachineKeyStore = true;
cert.PrivateKey = privkey;
store.Open (OpenFlags.MaxAllowed);
store.Add (cert);
store.Close ();

The certificate gets inserted and it all looks dandy: (see!)

Note: it says it has a privatekey.

So you'd say one would be able to find it with FindPrivateKey

C:\Users\Administrator\Desktop>FindPrivateKey.exe Root LocalMachine -t "54 11 b1 f4 31 99 19 d3 5a f0 5f 01 95 fc aa 6f 71 12 13 eb"
FindPrivateKey failed for the following reason:
Unable to obtain private key file name

Use /? option for help 

It's cute .... BUT IT'S WRONG!! (2 stupid dogs reference)

And the Certificate export dialog gives me this very fine message:

This code is run while impersonating an administrator using this snippet: click here

I've added the code for generating and inserting a root cert into the store here.

You'll also need this dll: here (It's BouncyCastle)

It also generates a .pfx file that if imported does work.

I'd just love to know WHY?

(tested on Windows Server 2008 R2 & Windows 7)

I'll be damned!

It works when I compile it to v3.5!!!!

What to do?

Solution

I had exactly the same problem and the solution turned out to be really simple. All I had to do is to pass

X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet

to X509Certificate2's ctor. Now you are using the DotNetUtilities to convert the bouncycastle certificate to the .net one, but the helper method creates the .net cert with the DefaultKeySet (instead of MachineKeySet + PersistKeySet).

And arrange the private key like this:

var cspParams = new CspParameters
{
      KeyContainerName = Guid.NewGuid().ToString(),
      KeyNumber = (int)KeyNumber.Exchange,
      Flags = CspProviderFlags.UseMachineKeyStore
};

var rsaProvider = new RSACryptoServiceProvider(cspParams);

I hope this helps.
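
The following is an added example, not code from the question or the answer: it loads the generated .pfx with the two flags named above, adds it to the LocalMachine Root store, and then checks that the private key can actually be opened from the machine key store, since the question shows that the "has a private key" indication alone is not proof. The class name, method name, `pfxPath` and `password` are hypothetical, and the process is assumed to run elevated.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class RootStoreInstaller
{
    // pfxPath and password are hypothetical inputs supplied by the caller.
    public static bool InstallAndVerify(string pfxPath, string password)
    {
        byte[] pfx = File.ReadAllBytes(pfxPath);

        // MachineKeySet: the key container is created in the machine key store
        // instead of the profile of the current (possibly impersonated) user.
        // PersistKeySet: the container is kept after the certificate object is gone.
        X509KeyStorageFlags flags =
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
        X509Certificate2 cert = new X509Certificate2(pfx, password, flags);

        X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); }
        finally { store.Close(); }

        // Read the certificate back from the store rather than trusting the
        // in-memory object that was just added.
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, cert.Thumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey) return false;

            // Touching PrivateKey makes the CSP open the key container; this
            // throws if the store entry points at a container that is missing.
            RSACryptoServiceProvider rsa = found[0].PrivateKey as RSACryptoServiceProvider;
            return rsa != null && rsa.CspKeyContainerInfo.MachineKeyStore;
        }
        catch (CryptographicException)
        {
            return false; // key reference exists but the container cannot be opened
        }
        finally { store.Close(); }
    }
}
```

A `false` result corresponds to the state described in the question: the certificate is listed in the store, but its key cannot be located.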
