.NET core X509Store on Linux
[英].NET core X509Store on linux
问题描述
Where are the certificate files located in linux when using the .NET Core 2 X509Store ?
使用 .NET Core 2 X509Store时,证书文件位于 linux 中的什么位置?
On Windows, the certificates are accessible from the management console certlm.msc or with New-SelfSignedCertificate in powershell.在 Windows 上,可以从管理控制台certlm.msc或在 powershell 中使用New-SelfSignedCertificate访问证书。 Using .NET APIs, certificates can be added by something like this on both Windows and linux使用 .NET API,可以在 Windows 和 linux 上通过类似的方式添加证书
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadWrite);
var cert = new X509Certificate2("cert.pfx", "1234");
store.Add(cert);
}
which can be accessed via X509Store.Certificates.Find() .可以通过X509Store.Certificates.Find()访问。
But where do the files get stored and how can they be added via linux tools?但是文件存储在哪里以及如何通过 linux 工具添加它们? eg a sys admin would be adding the certificates and an application will be only reading them.例如,系统管理员将添加证书,而应用程序将仅读取它们。
3 个解决方案
解决方案1
17 2020-04-01 04:57:20
The answer of @mbican is correct. @mbican 的答案是正确的。 the certificates are placed at证书放置在
~/.dotnet/corefx/cryptography/x509stores/
I did not believe this one line answer without context and did not understand how he got there.我不相信没有上下文的这一行答案,也不明白他是如何到达那里的。 That's why I want to share my findings as an answer for all the future visitors running in the same problem.这就是为什么我想分享我的发现,作为未来所有遇到相同问题的访问者的答案。
Use the pfx certificate file, you do NOT have to convert it to a pem or crt or something
使用 pfx 证书文件,您不必将其转换为 pem 或 crt 之类的Store the certificate with dotnet, so that you can see where the file is placed.
用 dotnet 存储证书,这样你就可以看到文件的放置位置。 A little C# command line:一个小 C# 命令行:using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser, OpenFlags.ReadWrite)) { store.Add(new X509Certificate2( "./thePathToTheCert.pfx", "passwordOfTheCert", X509KeyStorageFlags.PersistKeySet)); }This created the folder ~/.dotnet/corefx/cryptography/x509stores/ and placed the certificate inside.
这创建了文件夹 ~/.dotnet/corefx/cryptography/x509stores/ 并将证书放入其中。 ~/.dotnet/corefx/cryptography/x509stores/my/ThumbPrintOfTheCertificate.pfxHint: We used to use
StoreLocation.LocalMachineon windows but when we run on linux there is no LocalMachine store, so we switched toStoreLocation.CurrentUser.提示:我们曾经在 windows 上使用StoreLocation.LocalMachine但是当我们在 linux 上运行时没有 LocalMachine 存储,所以我们切换到StoreLocation.CurrentUser。 You will get this error if you try LocalMachine:Unix LocalMachine X509Stores are read-only for all users.如果您尝试 LocalMachine,您将收到此错误: Unix LocalMachine X509Stores are read-only for all users.
Hope this helps someone.希望这可以帮助某人。
解决方案2
7 已采纳 2019-09-28 00:15:25
~/.dotnet/corefx/cryptography/x509stores/
解决方案3
0 2018-06-26 10:30:07
I ran into a similar issue while updating an app to use ASP.NET Core 2.1.我在更新应用程序以使用 ASP.NET Core 2.1 时遇到了类似的问题。 The SSL connection to the database no longer accepts the PFX file in the connection string (CentOS, works on Windows) so I had to add the PEM certificate file to /etc/pki/tls/certs and the PEM key file to /etc/pki/tls/private .与数据库的 SSL 连接不再接受连接字符串中的 PFX 文件(CentOS,适用于 Windows),因此我必须将 PEM 证书文件添加到/etc/pki/tls/certs并将 PEM 密钥文件添加到/etc/pki/tls/private 。
This stopped X509Store.Open() from throwing an exception.这阻止了 X509Store.Open() 抛出异常。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.