
.NET core X509Store on linux

Where are the certificate files located on Linux when using the .NET Core 2 X509Store?

On Windows, the certificates are accessible from the management console certlm.msc or with New-SelfSignedCertificate in PowerShell. Using .NET APIs, certificates can be added by something like this on both Windows and Linux:

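using System.Security.Cryptography.X509Certificates;

// Open the current user's personal ("My") store for writing.
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
    store.Open(OpenFlags.ReadWrite);
    // Load the PFX (certificate plus private key) with its password and add it.
    var cert = new X509Certificate2("cert.pfx", "1234");
    store.Add(cert);
}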

which can be accessed via X509Store.Certificates.Find().

But where do the files get stored, and how can they be added via Linux tools? E.g. a sysadmin would be adding the certificates and an application would only be reading them.

The answer of @mbican is correct. The certificates are placed at

~/.dotnet/corefx/cryptography/x509stores/

I did not believe this one-line answer without context and did not understand how he got there. That's why I want to share my findings as an answer for all the future visitors running into the same problem.

  1. Use the pfx certificate file; you do NOT have to convert it to a pem or crt or something.

  2. Store the certificate with dotnet, so that you can see where the file is placed. A little C# command line:

     using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser, OpenFlags.ReadWrite))
     {
         store.Add(new X509Certificate2(
             "./thePathToTheCert.pfx", "passwordOfTheCert",
             X509KeyStorageFlags.PersistKeySet));
     }

    This created the folder ~/.dotnet/corefx/cryptography/x509stores/ and placed the certificate inside: ~/.dotnet/corefx/cryptography/x509stores/my/ThumbPrintOfTheCertificate.pfx

    Hint: We used to use StoreLocation.LocalMachine on Windows, but when we run on Linux there is no LocalMachine store, so we switched to StoreLocation.CurrentUser. You will get this error if you try LocalMachine: Unix LocalMachine X509Stores are read-only for all users.

Hope this helps someone.
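An added example, not part of the original answers: a shell audit of the store directory named above, for the setup the question describes, where a sysadmin provisions the certificates and the application only reads them. It assumes the PFX files in the store hold private keys, so owner-only access is treated as the baseline; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the per-user .NET certificate store on Linux.
# The default root is the path given in the answers; pass another root
# to audit a different account's store.
DEFAULT_ROOT="$HOME/.dotnet/corefx/cryptography/x509stores"

# Print files and directories under ROOT that grant any permission bit to
# group or others. Assumption: the PFX files contain private keys.
list_loose_entries() {
    find "$1" \( -type d -o -type f \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Print entries under ROOT that are not owned by the invoking user.
list_foreign_owned() {
    find "$1" ! -user "$(id -u)" -print | sort
}

# Print the thumbprints present in one store (default "my"), taken from
# the <thumbprint>.pfx file names described in the answer.
store_thumbprints() {
    for f in "$1/${2:-my}"/*.pfx; do
        [ -f "$f" ] || continue   # glob did not match: empty store
        basename "$f" .pfx
    done
}

# Return 0 if the store is owner-only, 1 if findings were printed,
# 2 if the store directory does not exist.
audit_store() {
    root=${1:-$DEFAULT_ROOT}
    [ -d "$root" ] || { echo "no store at $root" >&2; return 2; }
    loose=$(list_loose_entries "$root")
    foreign=$(list_foreign_owned "$root")
    [ -z "$loose" ] || printf '%s\n' "$loose" | sed 's/^/LOOSE-PERMS /'
    [ -z "$foreign" ] || printf '%s\n' "$foreign" | sed 's/^/FOREIGN-OWNER /'
    [ -z "$loose$foreign" ]
}

# Usage, run as the account the application runs under:
#   audit_store && store_thumbprints "$DEFAULT_ROOT" my
```

Comparing the output of `store_thumbprints` with the thumbprints the sysadmin intended to provision shows whether an unexpected certificate has been dropped into the store.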

~/.dotnet/corefx/cryptography/x509stores/

I ran into a similar issue while updating an app to use ASP.NET Core 2.1. The SSL connection to the database no longer accepts the PFX file in the connection string (CentOS, works on Windows) so I had to add the PEM certificate file to /etc/pki/tls/certs and the PEM key file to /etc/pki/tls/private .

This stopped X509Store.Open() from throwing an exception.
