
如何像IIS一样生成CSR

[英]How to generate CSR like it does IIS

我正在与 Symantec API 集成，并使用以下代码生成 CSR：

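/// <summary>
/// Creates an RSA key pair with the "Microsoft RSA Schannel Cryptographic Provider" and
/// builds a PKCS#10 certificate signing request (CSR) for it, returned base64-encoded
/// (no PEM header/footer).
/// </summary>
/// <param name="domain">Subject common name (CN), typically the host name the certificate is for.</param>
/// <param name="organization">Subject organization (O).</param>
/// <param name="organizationUnit">Subject organizational unit (OU).</param>
/// <param name="city">Subject locality (L).</param>
/// <param name="state">Subject state or province (S).</param>
/// <param name="country">Subject country (C).</param>
/// <returns>The CSR as a base64 string.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when any CertEnroll step fails; the underlying exception is preserved as
/// <see cref="Exception.InnerException"/> so the real cause is not lost.
/// </exception>
private string GenerateCsr(string domain, string organization, string organizationUnit, string city, string state, string country)
{
    // The subject is passed to CertEnroll as a comma-separated X.500 string, so a value that
    // itself contains a separator or a quote (e.g. "Foo, Inc.") would corrupt the name.
    // CertStrToName rules: wrap such values in double quotes and double embedded quotes.
    // Null behaves like string.Format did before (empty value).
    Func<string, string> quoteRdnValue = value =>
    {
        if (string.IsNullOrEmpty(value))
        {
            return value ?? string.Empty;
        }
        bool needsQuoting =
            value.IndexOfAny(new[] { ',', '+', '=', '"', ';', '<', '>', '#', '\\', '\r', '\n' }) >= 0
            || value[0] == ' '
            || value[value.Length - 1] == ' ';
        return needsQuoting ? "\"" + value.Replace("\"", "\"\"") + "\"" : value;
    };

    var objPkcs10 = new CX509CertificateRequestPkcs10();
    var objPrivateKey = new CX509PrivateKey();
    var objCSP = new CCspInformation();
    var objCSPs = new CCspInformations();
    var objDN = new CX500DistinguishedName();
    var objEnroll = new CX509Enrollment();
    var objObjectIds = new CObjectIds();
    var objServerAuthOid = new CObjectId();
    var objClientAuthOid = new CObjectId();
    var objExtensionKeyUsage = new CX509ExtensionKeyUsage();
    var objX509ExtensionEnhancedKeyUsage = new CX509ExtensionEnhancedKeyUsage();

    try
    {
        // Select the CSP the key will live in and hand it to the private key object.
        objCSP.InitializeFromName("Microsoft RSA Schannel Cryptographic Provider");
        objCSPs.Add(objCSP);

        objPrivateKey.Length = 2048;
        // AT_KEYEXCHANGE rather than AT_SIGNATURE: the key usage below asks for key
        // encipherment, and with this legacy (CAPI) CSP only a key-exchange key can be
        // used by Schannel for TLS. A signature-only key yields a CSR whose certificate
        // IIS cannot bind.
        objPrivateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
        objPrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
        // NOTE(review): the key is created in the calling user's context. IIS's own
        // "Create Certificate Request" stores the key in the machine context, which is
        // what IIS reads when completing a request — confirm whether MachineContext = true
        // (requires administrative rights) is the intended behaviour for this caller.
        objPrivateKey.MachineContext = false;
        // ExportPolicy is left at its default; the key is not marked exportable, so the
        // resulting certificate can only be used on the machine/profile that created it.
        objPrivateKey.CspInformations = objCSPs;
        objPrivateKey.Create();

        // User-context request with no template name.
        objPkcs10.InitializeFromPrivateKey(
            X509CertificateEnrollmentContext.ContextUser,
            objPrivateKey,
            "");

        // Key Usage extension.
        objExtensionKeyUsage.InitializeEncode(
            X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE);
        objPkcs10.X509Extensions.Add((CX509Extension)objExtensionKeyUsage);

        // Enhanced Key Usage extension. A TLS server certificate needs Server
        // Authentication (1.3.6.1.5.5.7.3.1); Client Authentication (1.3.6.1.5.5.7.3.2)
        // is kept from the original request. (Most public CAs set the EKU themselves.)
        objServerAuthOid.InitializeFromValue("1.3.6.1.5.5.7.3.1");
        objObjectIds.Add(objServerAuthOid);
        objClientAuthOid.InitializeFromValue("1.3.6.1.5.5.7.3.2");
        objObjectIds.Add(objClientAuthOid);
        objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);
        objPkcs10.X509Extensions.Add((CX509Extension)objX509ExtensionEnhancedKeyUsage);

        // Subject distinguished name, with each value quoted where needed.
        objDN.Encode(
            string.Format(
                "CN={0}, O={1}, OU={2}, L={3}, S={4}, C={5}",
                quoteRdnValue(domain),
                quoteRdnValue(organization),
                quoteRdnValue(organizationUnit),
                quoteRdnValue(city),
                quoteRdnValue(state),
                quoteRdnValue(country)),
            X500NameFlags.XCN_CERT_NAME_STR_NONE);
        objPkcs10.Subject = objDN;

        // Wrap the PKCS#10 request in an enrollment object and serialise it.
        objEnroll.InitializeFromRequest(objPkcs10);
        return objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
    }
    catch (Exception ex)
    {
        // Keep the CertEnroll/COM exception as the inner exception; the original code
        // discarded it, which hid the HRESULT needed to diagnose failures.
        throw new InvalidOperationException("Can't generate CSR", ex);
    }
}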

Symantec 随后返回 base64 编码的证书，但我无法将其上传到 IIS。如果我把在 IIS 上手动生成的 CSR 发送给 Symantec，返回的证书就可以上传。因此，我的问题是：如何像在 IIS 上一样生成 CSR？

无法按您想要的方式完成。CA 返回的签名证书必须与生成该 CSR 时产生的私钥配对，因此安装证书的服务器上必须有创建 CSR 时生成的那把私钥。但您是在另一台服务器上生成私钥，然后把 Symantec 提供的签名证书上传到 IIS，而 IIS 上并没有这把私钥。

如果必须这样做，则需要把参数直接发送给 Symantec API，由它为您提供一个受密码保护的 PFX 文件，然后您就可以把该 PFX 文件上传到 IIS 服务器。

我希望我回答了你的问题。

