
How to generate a CSR like IIS does

I am working on an integration with the Symantec API and use this code to generate the CSR:

using System;
using CERTENROLLLib; // COM reference: "CertEnroll 1.0 Type Library"

private string GenerateCsr(string domain, string organization, string organizationUnit, string city, string state, string country) {
    //  Create all the objects that will be required
    var objPkcs10 = new CX509CertificateRequestPkcs10();
    var objPrivateKey = new CX509PrivateKey();
    var objCSP = new CCspInformation();
    var objCSPs = new CCspInformations();
    var objDN = new CX500DistinguishedName();
    var objEnroll = new CX509Enrollment();
    var objObjectIds = new CObjectIds();
    var objObjectId = new CObjectId();
    var objExtensionKeyUsage = new CX509ExtensionKeyUsage();
    var objX509ExtensionEnhancedKeyUsage = new CX509ExtensionEnhancedKeyUsage();
    string strRequest;
    try {
        //  Initialize the CSP object using the desired Cryptographic Service Provider (CSP)
        objCSP.InitializeFromName(
            "Microsoft RSA Schannel Cryptographic Provider"
            );
        //  Add this CSP object to the CSP collection object
        objCSPs.Add(
            objCSP
            );
        //  Provide key container name, key length and key spec to the private key object
        //objPrivateKey.ContainerName = "AlejaCMa";
        objPrivateKey.Length = 2048;
        //  Note: requests created by the IIS UI use XCN_AT_KEYEXCHANGE for TLS keys
        objPrivateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
        objPrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
        //  false = the key is stored in the calling user's profile, not in the
        //  machine store (LocalMachine\My) that IIS reads
        objPrivateKey.MachineContext = false;
        //  Provide the CSP collection object (in this case containing only 1 CSP object)
        //  to the private key object
        objPrivateKey.CspInformations = objCSPs;
        //  Create the actual key pair (it stays on this machine, in this context)
        objPrivateKey.Create();
        //  Initialize the PKCS#10 certificate request object based on the private key.
        //  Using the context, indicate that this is a user certificate request and don't
        //  provide a template name
        objPkcs10.InitializeFromPrivateKey(
            X509CertificateEnrollmentContext.ContextUser,
            objPrivateKey,
            ""
            );
        // Key Usage Extension
        objExtensionKeyUsage.InitializeEncode(
            X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE
            );
        objPkcs10.X509Extensions.Add((CX509Extension)objExtensionKeyUsage);
        // Enhanced Key Usage Extension
        // OID 1.3.6.1.5.5.7.3.2 = Client Authentication (Server Authentication is 1.3.6.1.5.5.7.3.1)
        objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2");
        objObjectIds.Add(objObjectId);
        objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);
        objPkcs10.X509Extensions.Add((CX509Extension)objX509ExtensionEnhancedKeyUsage);
        //  Encode the name using the Distinguished Name object
        objDN.Encode(
            string.Format("CN={0}, O={1}, OU={2}, L={3}, S={4}, C={5}", domain, organization, organizationUnit, city, state, country),
            X500NameFlags.XCN_CERT_NAME_STR_NONE
            );
        //  Assign the subject name by using the Distinguished Name object initialized above
        objPkcs10.Subject = objDN;
        // Create enrollment request
        objEnroll.InitializeFromRequest(objPkcs10);
        strRequest = objEnroll.CreateRequest(
            EncodingType.XCN_CRYPT_STRING_BASE64
            );
        return strRequest;
    }
    catch (Exception ex) {
        // Keep the original COM error as the inner exception so the cause is not lost
        throw new Exception("Can't generate CSR", ex);
    }
}

Symantec then returns a base64-encoded certificate, but I can't upload it to IIS. If I send a CSR generated manually on IIS to Symantec, I am able to upload the returned certificate. So, my question is how to generate a CSR like the one generated on IIS.

It cannot be done the way you want it. Because the CSR and private key are generated on one server, to use the signed certificate returned by the CA you will need the private key that was generated when the CSR was created. But you are generating the private key on a different server and uploading the signed certificate given by Symantec to IIS, and IIS does not have the private key.

If it has to be done, then you need to send the parameters directly to the Symantec API, and they will provide you with a PFX file, which will be password protected, and you can upload the PFX file on the IIS server.

I hope I answered your question.
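To make the answer concrete: a CA-issued certificate is only usable where the private key from the CSR lives, and IIS reads the machine store (LocalMachine\My), not the calling user's store that the question's code (`MachineContext = false`, `ContextUser`) writes to. The example below, which is added here and is not code from the question or the answer, uses the same CERTENROLLLib API to complete the request on the machine that created the CSR (what the IIS "Complete Certificate Request" dialog does internally) and then checks the condition IIS actually needs, that the installed certificate has its private key. The class name, method names and the `thumbprint`/`base64Certificate` parameters are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using CERTENROLLLib; // COM reference: "CertEnroll 1.0 Type Library"

// Hypothetical helper (example code, not part of the original post).
static class IssuedCertificateInstaller
{
    // Pairs the CA response with the pending private key that was created with the CSR.
    // This only works on the machine, and in the same user/machine context, where the
    // CSR was generated; on any other host there is no key to pair with.
    // For IIS, machineContext must be true so the key ends up in LocalMachine\My.
    public static void InstallResponse(string base64Certificate, bool machineContext)
    {
        var enrollment = new CX509Enrollment();
        enrollment.Initialize(machineContext
            ? X509CertificateEnrollmentContext.ContextMachine
            : X509CertificateEnrollmentContext.ContextUser);

        // AllowUntrustedCertificate lets the install proceed before the issuing chain
        // is trusted on this host; the CA chain can be installed separately.
        enrollment.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedCertificate,
            base64Certificate,
            EncodingType.XCN_CRYPT_STRING_BASE64_ANY,
            null);
    }

    // Returns true only if exactly one certificate with this thumbprint exists in the
    // chosen store and it carries a private key, which is what IIS checks before it
    // will bind the certificate to a site.
    public static bool HasPrivateKey(string thumbprint, bool machineContext)
    {
        using (var store = new X509Store(StoreName.My,
            machineContext ? StoreLocation.LocalMachine : StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            return matches.Count == 1 && matches[0].HasPrivateKey;
        }
    }

    // Usage on the IIS host, after the CA (Symantec in the question) returned the
    // base64 certificate for a CSR that was generated on this same host:
    //   IssuedCertificateInstaller.InstallResponse(base64FromCa, machineContext: true);
    //   bool ok = IssuedCertificateInstaller.HasPrivateKey("<thumbprint from the CA cert>", true);
}
```

If the CSR was created elsewhere, `InstallResponse` has nothing to pair the certificate with and `HasPrivateKey` stays false; the only remaining options are the ones the answer gives: generate the CSR on the IIS host (in machine context) or obtain a password-protected PFX that carries the key and import that instead.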
