堆栈内存溢出
  简体   繁体   English

在 c# 上生成 x509 证书未返回预期结果

[英]Generate x509 certificate on c# not returning expected result

 原文  2022-03-30 08:13:32       c#/ asp.net-core/ certificate/ x509certificate

问题描述

I am using .net 6.0 with .net core and I'd like to create x509 certificate and use this with k8s c# client.我正在使用 .net 6.0 和 .net 核心,我想创建 x509 证书并将其与 k8s c# 客户端一起使用。

For creating x509 certificate I have method like this:为了创建 x509 证书,我有这样的方法:

public static byte[] GenerateCertificate(string name)
{
    var sanBuilder = new SubjectAlternativeNameBuilder();
    sanBuilder.AddIpAddress(IPAddress.Loopback);
    sanBuilder.AddIpAddress(IPAddress.IPv6Loopback);
    sanBuilder.AddDnsName("localhost");
    sanBuilder.AddDnsName(Environment.MachineName);

    var distinguishedName = new X500DistinguishedName(name);

    using var rsa = RSA.Create(4096);
    var request = new CertificateRequest(distinguishedName, rsa, HashAlgorithmName.SHA256,RSASignaturePadding.Pkcs1);

    request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature , false));
    request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new ("1.3.6.1.5.5.7.3.1") }, false));
    request.CertificateExtensions.Add(sanBuilder.Build());
    request.CreateSelfSigned(new DateTimeOffset(DateTime.UtcNow.AddDays(-1)), new DateTimeOffset(DateTime.UtcNow.AddDays(3650)));
    var csr = request.CreateSigningRequest();
    return csr;
}

And I am expecting result like this for generating certificate on k8s:我期待在 k8s 上生成证书这样的结果:

-----BEGIN CERTIFICATE REQUEST-----
    certificate code long code
-----END CERTIFICATE REQUEST-----

How to manage to get result like this?如何设法获得这样的结果?

1 个解决方案

解决方案1
 1 已采纳  2022-03-30 11:40:43

You are looking for the PEM format, but the function provides DER.您正在寻找 PEM 格式,但 function 提供了 DER。

From the docs: 从文档:

"To convert the return value to PEM format, make a string consisting of -----BEGIN CERTIFICATE REQUEST----- , a newline, the Base-64-encoded representation of the request (by convention, linewrapped at 64 characters), a newline, and -----END CERTIFICATE REQUEST----- ." “要将返回值转换为 PEM 格式,请制作一个由-----BEGIN CERTIFICATE REQUEST-----组成的字符串,一个换行符,请求的 Base-64 编码表示(按照惯例,以 64 个字符换行), 一个换行符,和-----END CERTIFICATE REQUEST----- 。”

So what you need is所以你需要的是

return
    "-----BEGIN CERTIFICATE REQUEST-----\r\n" +
    Convert.ToBase64String(csr) +
    "\r\n-----END CERTIFICATE REQUEST-----";

You also need to change your function to return string .您还需要更改 function 以返回string If you want to return it as byte you need to decide an encoding.如果你想将它作为byte返回,你需要决定一种编码。 For example, you could do return Encoding.UTF8.GetBytes(base64Request);例如,您可以return Encoding.UTF8.GetBytes(base64Request);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 C#x509证书解码器 - C# x509 certificate decoder C# 将证书字符串转换为X509证书 - C# convert certificate string into X509 certificate 是否可以仅使用C#以编程方式生成X509证书? - Is it possible to programmatically generate an X509 certificate using only C#? 验证 x509 证书路径 C# - Validate x509 Certificate Path C# C#在代码中创建x509证书 - c# create x509 certificate in code 获取 C# 中特定 X509 证书的信息 - Get information of a particular X509 Certificate in C# 在c#中使用SHA 256的哈希X509证书 - Hash X509 certificate with SHA 256 in c# 如何将 PEM 编码的 X509 证书转换为 C# 中的 Org.BouncyCastle.X509.X509Certificate - How do I convert a PEM encoded X509 certificate to Org.BouncyCastle.X509.X509Certificate in C# 使用 C# 从 CA 证书为设备创建 X509 证书 - Create X509 Certificate for Device from a CA certificate using C# c# 如何从证书和密钥或 pfx 或 p7b 创建 X509 证书 - c# How to create X509 Certificate from certificate and key or pfx or p7b
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM