Npgsql连接.net核心ssl证书web api
[英]Npgsql connection with ssl certificates in .net core web api
问题描述
I'm using the NpgSqlConnection for .net core web api project.
我正在为 .net 核心 web api 项目使用 NpgSqlConnection。 Current PostgreSQL server has been move to another one and need to connect using the client certificates.当前 PostgreSQL 服务器已移至另一台,需要使用客户端证书进行连接。 We are provided with 3 certificate files named client-cert.pem, client-key.pem and server-ca.pem.我们提供了 3 个证书文件,分别名为 client-cert.pem、client-key.pem 和 server-ca.pem。 I was able to connect to the server using the client cert & key files through the pgAdmin from browser.我能够通过浏览器的 pgAdmin 使用客户端证书和密钥文件连接到服务器。 But, I'm not able to connect from my code.但是,我无法通过我的代码进行连接。 Tried several methods from inte.net but still I'm getting the below error.从 inte.net 尝试了几种方法,但我仍然收到以下错误。
{"28000: connection requires a valid client certificate"}
The code snippet I'm trying is given below.下面给出了我正在尝试的代码片段。
var connectionString = "User ID=" + _dOptions.Value.AuthenticationCredentials.UserName
+ ";Password=" + _dOptions.Value.AuthenticationCredentials.PassWord
+ ";Server=" + _dOptions.Value.Server
+ ";Port=" + _dOptions.Value.Port.ToString()
+ ";Database=" + _dOptions.Value.Database
+ ";Integrated Security=true;Pooling=true;SSL Mode=Require;Trust Server Certificate=true";
_con = new NpgsqlConnection(connectionString);
_con.ProvideClientCertificatesCallback += new ProvideClientCertificatesCallback(MyClientCertificates);
private void MyClientCertificates(X509CertificateCollection certificates)
{
var cert = new X509Certificate("C:\\Users\\c-Anish\\Documents\\cloud_sql_replica_certs\\DEV\\client-cert.pem");
certificates.Add(cert);
}
Also, here we are using only the client certificate named client-cert.pem, but, I think we may need to use the client-key.pem?另外,这里我们只使用名为 client-cert.pem 的客户端证书,但是,我认为我们可能需要使用 client-key.pem? If so, how can I add that?如果是这样,我该如何添加? What am I missing here?我在这里错过了什么?
Any help will be highly appreciated as I'm stuck with this issue.任何帮助将不胜感激,因为我遇到了这个问题。
1 个解决方案
解决方案1
3 已采纳 2020-10-10 07:25:33
I got a solution for this and thought of posting it here which may help others who are facing the similar issue.我为此找到了解决方案,并考虑将其张贴在这里,这可能会帮助面临类似问题的其他人。
It didn't worked with.pem files.它不适用于 .pem 文件。 I have converted it to a.pfx file using the below command and it started working fine.我已使用以下命令将其转换为 a.pfx 文件,并且开始正常工作。
openssl pkcs12 -inkey C:\Certs\client-key.pem -in C:\Certs\client-cert.pem -export -out C:\Certs\client-cert.pfx
Reference: Certificate Authentication Support参考:证书认证支持
EDIT编辑
Instead of creating the physical pfx file, I was able to combine the two pem files and got it worked.我没有创建物理 pfx 文件,而是能够合并这两个 pem 文件并让它工作。 Code snippet is given below for someone for reference in future.下面给出代码片段,供以后参考。
public X509Certificate2 GetCombinedCertificateAndKey(string certificatePath, string privateKeyPath)
{
using var publicKey = new X509Certificate2(certificatePath);
var privateKeyText = System.IO.File.ReadAllText(privateKeyPath);
var privateKeyBlocks = privateKeyText.Split("-", StringSplitOptions.RemoveEmptyEntries);
var privateKeyBytes = Convert.FromBase64String(privateKeyBlocks[1]);
using var rsa = RSA.Create();
if (privateKeyBlocks[0] == "BEGIN PRIVATE KEY")
{
rsa.ImportPkcs8PrivateKey(privateKeyBytes, out _);
}
else if (privateKeyBlocks[0] == "BEGIN RSA PRIVATE KEY")
{
rsa.ImportRSAPrivateKey(privateKeyBytes, out _);
}
var keyPair = publicKey.CopyWithPrivateKey(rsa);
var Certificate = new X509Certificate2(keyPair.Export(X509ContentType.Pfx));
return Certificate;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.