
How to get X509Certificate using Friendly Name rather than Thumbprint?

I have a certificate which has a Friendly Name as well, and I want to get the certificate using the Friendly Name rather than the Thumbprint. I don't see any method like FindByFriendlyName... How do I do this?


    var thumbprint = "f454......";
    var friendlyName = "ASP.NET Core....";

    X509Certificate2Collection signingCerts = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
    X509Certificate2Enumerator enumerator = signingCerts.GetEnumerator();

Built-in search can be done only against static fields, that never change for any given certificate. Friendly name is not static, it can be changed for any single certificate unlimited times. Thus, I would STRONGLY recommend to not rely on cert friendly name. EVER.

You can do manual filtering, by enumerating all certificates and checking for a matching certificate, but it is a very poor and fragile way.

If you want something that's a stable search value across cert renewals and is easy to read, you might try the subject name (if the cert has a decent subject name, other than localhost or something):

    var subject = "org name signing cert......";
    var friendlyName = "ASP.NET Core....";

    X509Certificate2Collection signingCerts = store.Certificates.Find(X509FindType.FindBySubjectName, subject, true);
    X509Certificate2Enumerator enumerator = signingCerts.GetEnumerator();

(You probably only want valid/non-expired certs, too, so use true for the last param.)

I have a use case to look up by FriendlyName. The code is below:

            //requires: using System.Linq; using System.Security.Cryptography.X509Certificates;
            //store variable 
            X509Store store;
            //certificate variable 
            X509Certificate2 cert;

            //init store using root and local machine
            store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
            //open store for read only
            store.Open(OpenFlags.ReadOnly);
            //find cert using linq
            cert = store.Certificates.OfType<X509Certificate2>().FirstOrDefault(x => x.FriendlyName == "cert-friendlyname-here");
            //close store
            store.Close();
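
The manual filtering discussed in the answers above, as an added example that is not part of the original posts: because a friendly name is mutable and not unique, this hypothetical helper `FindSingleByFriendlyName` fails closed unless exactly one currently valid certificate matches. The helper name, the store chosen in `Main` and the friendly-name value are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class CertLookup
{
    // Hypothetical helper, not a framework API. Returns the single certificate in the
    // store whose FriendlyName matches exactly and whose validity period covers "now".
    // Throws when zero or several certificates match, so a duplicate or relabelled
    // certificate cannot be picked silently.
    public static X509Certificate2 FindSingleByFriendlyName(
        StoreName storeName, StoreLocation location, string friendlyName)
    {
        if (string.IsNullOrEmpty(friendlyName))
            throw new ArgumentException("Friendly name must not be empty.", nameof(friendlyName));

        using (var store = new X509Store(storeName, location))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            DateTime now = DateTime.Now; // NotBefore/NotAfter are reported in local time

            var matches = store.Certificates
                .OfType<X509Certificate2>()
                .Where(c => string.Equals(c.FriendlyName, friendlyName, StringComparison.Ordinal))
                .Where(c => c.NotBefore <= now && now <= c.NotAfter) // date check only, no chain validation
                .ToList();

            if (matches.Count != 1)
                throw new InvalidOperationException(
                    $"Expected exactly one valid certificate named '{friendlyName}', found {matches.Count}.");

            return matches[0];
        }
    }

    static void Main()
    {
        try
        {
            // Constructed sample value; replace with the friendly name used in your store.
            var cert = FindSingleByFriendlyName(StoreName.My, StoreLocation.CurrentUser, "cert-friendlyname-here");
            // Record the thumbprint so the selection can be audited or pinned later.
            Console.WriteLine($"Selected {cert.Subject}, thumbprint {cert.Thumbprint}");
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine($"Lookup refused: {ex.Message}");
        }
    }
}
```

On non-Windows platforms `FriendlyName` is returned as an empty string, so this lookup only finds matches on Windows stores.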
