
How to load another's certificate to my local certificate store?

I have a certificate (.pem file) that is distributed by another service vendor. I downloaded the certificate from the vendor and saved it to my local drive. In my WCF client, I am trying to load this certificate from the local drive and it is giving me an error “The private key is not present in the X.509 certificate” when communicating with the service. I was told that I need to load this certificate to my local certificate store to resolve this error. Can anyone provide some directions? Thanks!

I have the below function to load certificate from the path specified in the file parameter.

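    using System;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    public static X509Certificate LoadCertificate(string file)
    {
        try
        {
            // Try the framework loader first
            return X509Certificate.CreateFromCertFile(file);
        }
        catch (System.Security.Cryptography.CryptographicException)
        {
            // Fallback: read the file as text and drop anything before the BEGIN marker
            string filestr = File.ReadAllText(file);

            StringBuilder sb = new StringBuilder(filestr.Remove(0, filestr.IndexOf("-----BEGIN CERTIFICATE-----")));

            // Strip the PEM markers so only the Base64 body is left
            sb.Replace("-----BEGIN CERTIFICATE-----", "");
            sb.Replace("-----END CERTIFICATE-----", "");

            // Decode
            try
            {
                // See if the file is a valid Base64 encoded cert
                byte[] certBytes = Convert.FromBase64String(sb.ToString());

                return new X509Certificate(certBytes);
            }
            catch (System.FormatException)
            {
                // Not valid Base64: pass the error on to the caller
                throw;
            }
        }
    }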

In my WCF client, it is loading the certificate that was created from LoadCertificate() function.

    public X509Certificate Certificate { get; set; }

    ClientCredentials loginCredentials = new ClientCredentials();
    loginCredentials.UserName.UserName = this.UserId;
    loginCredentials.UserName.Password = this.Password;
    loginCredentials.ClientCertificate.Certificate = new X509Certificate2(this.Certificate);

Your code says you are trying to use the certificate to authenticate the client to the server, in addition to providing a username and a password. That's pretty bizarre but I guess possible. You will need the private keys associated with that certificate for that purpose, as the client will need them to encrypt the communication so the server can use the certificate to decrypt and verify that the client is legit. A .pem file can contain both public and private keys but maybe the one that was sent to you does not?

My guess is that really you only wanted the client to connect to a server that is using this certificate to identify itself and encrypt the communication. If so, all the client needs to do is import the certificate locally so it can compare against this local version when the server sends it when the client first connects to it.

To do that, Microsoft made double clicking on a .pem file in a file browser start the certificate import wizard. But in case that does not work for you, here is the hard way:

  • Start - run - mmc
  • File - Add/Remove snap-in
  • Select "certificates" - click Add - choose Computer Account - Local computer
  • Close snap-in window with OK
  • Now browse to Certificates (Local computer) - Personal - Certificates
  • Right click - All Tasks - Import
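
As an added example (not part of the original question or answer), the import steps above can also be done in code, with two checks made first: HasPrivateKey, which is false for a certificate-only file, and a comparison of the thumbprint against the value the vendor published. The class name, the command-line arguments and the constructed demo certificate are assumptions of this example, and CertificateRequest needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class VendorCertImport   // hypothetical name, not from the page
{
    // Adds cert to the store unless a certificate with the same thumbprint is already there.
    public static bool InstallIfMissing(X509Certificate2 cert, StoreName name, StoreLocation location)
    {
        var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadWrite);            // LocalMachine requires an elevated process
        try
        {
            if (store.Certificates.Find(X509FindType.FindByThumbprint, cert.Thumbprint, false).Count > 0)
                return false;
            store.Add(cert);
            return true;
        }
        finally { store.Close(); }
    }

    // Constructed stand-in for a vendor file: a self-signed certificate exported without its key.
    public static X509Certificate2 ConstructedPublicOnlyCert()
    {
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-vendor-demo", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var withKey = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
                return new X509Certificate2(withKey.Export(X509ContentType.Cert));
        }
    }

    public static void Main(string[] args)
    {
        // args[0]: path to the vendor's certificate file; args[1]: thumbprint the vendor published.
        var cert = args.Length > 0 ? new X509Certificate2(args[0]) : ConstructedPublicOnlyCert();
        Console.WriteLine("{0}  thumbprint={1}  expires={2:u}", cert.Subject, cert.Thumbprint, cert.NotAfter);
        // False for a certificate-only file; WCF needs a private key for ClientCertificate.Certificate.
        Console.WriteLine("HasPrivateKey={0}", cert.HasPrivateKey);
        if (args.Length < 2) return;                // nothing to compare against: report only
        if (!string.Equals(args[1].Replace(" ", ""), cert.Thumbprint, StringComparison.OrdinalIgnoreCase))
        {
            Console.WriteLine("Thumbprint mismatch, not importing.");
            return;
        }
        // Same target as the MMC steps: Certificates (Local computer) - Personal.
        bool added = InstallIfMissing(cert, StoreName.My, StoreLocation.LocalMachine);
        Console.WriteLine(added ? "Imported." : "Already present.");
    }
}
```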
