堆栈内存溢出
  简体   繁体   English

如何为程序临时添加/信任证书颁发机构?

[英]How can I temporarily add/trust a certificate authority for my program?

 原文  2014-08-07 18:04:42       c#/ x509certificate/ certificate-authority

问题描述

Our program needs to work with a third party certificate that was provided by a partner. 我们的程序需要使用合作伙伴提供的第三方证书。 This certificate requires we install a certificate authority that was also provided to us before connecting to the client server. 此证书要求我们安装一个证书颁发机构,该证书颁发机构在连接到客户端服务器之前也已提供给我们。 Essentially we have to work with a self signed certificate. 本质上,我们必须使用自签名证书。

The application is written in C#. 该应用程序用C#编写。 I could just instruct end users on how to install a certificate authority before running our application but ideally I'd like to just temporarily add/trust the certificate authority .pfx file and embed that file as a resource in the .exe. 我可以在运行我们的应用程序之前指导最终用户如何安装证书颁发机构,但理想情况下,我只是临时添加/信任证书颁发机构.pfx文件并将该文件作为资源嵌入.exe中。

Does anybody have an idea? 有人有主意吗?

1 个解决方案

解决方案1
 0  2014-08-07 18:34:37

My first thought (as mentioned in the comments) would be to use Process.Start() inside of a #if DEBUG conditional compilation (or use your own custom variable) to run certutil. 我的第一个想法(如评论中所述)是在#if DEBUG条件编译中使用Process.Start()(或使用您自己的自定义变量)来运行certutil。 See this article for how to install the third party CA with certutil: http://support.microsoft.com/kb/295663 请参阅本文以了解如何使用certutil安装第三方CA: http : //support.microsoft.com/kb/295663

To import a CA certificate into the Enterprise NTAuth store, follow these steps: Export the certificate of the CA to a .cer file. 要将CA证书导入到Enterprise NTAuth存储中,请按照下列步骤操作:将CA的证书导出到.cer文件。 The following file formats are supported: DER encoded binary X.509 (.cer) Base-64 encoded X.509 (.cer) At a command prompt, type the following command, and then press ENTER: certutil -dspublish -f filename NTAuthCA 支持以下文件格式:DER编码的二进制X.509(.cer)Base-64编码的X.509(.cer)在命令提示符下,键入以下命令,然后按Enter:certutil -dspublish -f filename NTAuthCA

Process.Start() documentation: Process.Start()文档:

http://msdn.microsoft.com/en-us/library/system.diagnostics.process.start(v=vs.110).aspx http://msdn.microsoft.com/zh-CN/library/system.diagnostics.process.start(v=vs.110).aspx

You could also just write a bacth file to install and uninstall and include it in your source control or project with a readme. 您也可以编写一个bacth文件来安装和卸载,并将其包含在自述文件或源代码控制或项目中。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在ServerCertificateValidationCallback中使用代码仅实现一个特定证书(我自己的证书)的信任 - How can I implement trust only one specific certificate (my own) using code, in ServerCertificateValidationCallback 如何为IIS创建自己的证书颁发机构? - How to create my own certificate authority for IIS? 如何使用证书颁发机构从C#连接到RDS MySQL数据库? - How can I connect to an RDS MySQL DB from C# using a Certificate Authority? 如何手动信任应用程序中嵌入的自签名证书? - How do I manually trust a self-signed certificate embedded in my application? 如何验证证书是否由特定证书颁发机构创建? - How do I validate that a certificate was created by a particular certification authority? 如何将ZIP文件添加到我的程序exe文件中? - How can I add ZIP file to my program exe file? 如何使用makecert创建证书颁发机构证书? - How to create certificate authority certificate with makecert? 如何在SharpSvn中使用自定义证书颁发机构而不安装证书 - How do I use a custom Certificate Authority in SharpSvn without installing the certificate 我如何在“企业信任”商店中写信? - How can i write in the “Enterprise Trust” Store? 我可以使用C#确保X509Certificate由受信任的颁发机构颁发吗? - Can I ensure, using C#, that an X509Certificate was issued by a trusted authority?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM