感谢罗杰,我发现您的博客,并设法得到它的工作,把一个包装围绕它,所以它很容易使用,我也设法设置的友好名称的证书
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Diagnostics;
public class SSLCertificateCreator
{
public static string RunDosCommand(string Cmd, string Arguments)
{//Executes a Dos command in the current directory and then returns the result
string TestMessageText = "";
string filePath = Environment.CurrentDirectory;
ProcessStartInfo pi = new ProcessStartInfo()
{
FileName = filePath + "\\" + Cmd,
Arguments = Arguments + " ",
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = false
};
try
{
using (Process p = Process.Start(pi))
{
p.WaitForExit();
TestMessageText = p.StandardOutput.ReadToEnd();
return TestMessageText;
}
}
catch (Exception Ex)
{
return "ERROR :" +Ex.Message;
}
}
public static bool MakeCACertificate(string RootCertificateName, string FriendlyName)
{//Make a CA certificate but only if we don't already have one and then sets the friendly name
if (FindCertificate("Root", RootCertificateName, OpenFlags.ReadOnly) != null) return false; //We already have this root certificate
string Arguments="-pe -n \"CN=" + RootCertificateName + "\" -ss Root -sr CurrentUser -a sha1 -sky signature -r \"" + RootCertificateName + ".cer\" -m 12";
string Result=RunDosCommand("makecert", Arguments);
X509Certificate2 Cert = FindCertificate("Root", RootCertificateName, OpenFlags.ReadWrite);
if (Cert == null || !Result.ToLower().StartsWith("succeeded")) return false;
Cert.FriendlyName = FriendlyName;
return true;
}
public static bool MakeSignedCertificate(string RootCertificateName, string CertificateName, string FriendlyName)
{//Makes a signed certificate but only if we have the root certificate and then sets the friendly name
if (FindCertificate("Root", RootCertificateName, OpenFlags.ReadOnly) == null) return false; //We must have a valid root-certificate first
if (FindCertificate("my",CertificateName, OpenFlags.ReadOnly)!=null) return false;//Nope we alrady have this signed certificate
string Arguments = "-pe -n \"CN=" + CertificateName + "\" -ss my -sr CurrentUser -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in \"" + RootCertificateName + "\" -is Root -ir CurrentUser -sp \"Microsoft RSA SChannel Cryptographic Provider\" -sy 12 \"" + CertificateName + ".cer\" -m 12";
string Result = RunDosCommand("makecert", Arguments);
X509Certificate2 Cert = FindCertificate("my", CertificateName, OpenFlags.ReadWrite);
if (Cert==null || !Result.ToLower().StartsWith("succeeded")) return false;
Cert.FriendlyName = FriendlyName;
return true;
}
private static X509Certificate2 FindCertificate(string Store, string Name, OpenFlags Mode)
{//Look to see if we can find the certificate store
X509Store store = new X509Store(Store,StoreLocation.CurrentUser);
store.Open(Mode);
foreach (X509Certificate2 Cert in store.Certificates)
{
if (Cert.Subject.ToLower() =="cn="+ Name.ToLower())
return Cert;//Yep found it
}
return null;
}
}
样品使用率
SSLCertificateCreator.MakeCACertificate(“DavesRoot”,“Nice Name”); SSLCertificateCreator.MakeSignedCertificate(“DavesRoot”,“Daves Signed Certificate5”,“Nice Name”);
makecert.exe必须在BIN/Release或Debug目录的代码工作,这段代码只曾经在Windows 8
你需要SSH或SSL测试?这是两种不同的协议。 –
当前我正在使用System.Net.Security.SslStream类,它是AuthenticateAsServer(X509Certificate)方法 –
当您说'我已安装.cer文件' - 何处?您需要将其安装到CA商店,否则它将不会被其他计算机信任。 –