C# 將證書字符串轉換為X509證書
[英]C# convert certificate string into X509 certificate
問題描述
我收到一個字符串,並想使用 C# 將其轉換為證書。 我嘗試了以下代碼並得到“ The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. ”錯誤:
byte[] bytes = Convert.FromBase64String(((string[])request.Headers.GetValues("MY-Cert"))[0]);
var cert = new X509Certificate2(bytes);
使用 C# 讀取此類字符串的最佳方法是什么。
此處提出了類似的問題,但使用 C++
我收到以下格式的字符串:
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIJAK0JmDc/YXWsMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
VQQGEwJJTjELMAkGA1UECBMCQVAxDDAKBgNVBAcTA0hZRDEZMBcGA1UEChMQUm9j
a3dlbGwgY29sbGluczEcMBoGA1UECxMTSW5kaWEgRGVzaWduIENlbnRlcjEOMAwG
A1UEAxMFSU1BQ1MxKTAnBgkqhkiG9w0BCQEWGmJyYWphbkBSb2Nrd2VsbGNvbGxp
bnMuY29tMB4XDTExMDYxNjE0MTQyM1oXDTEyMDYxNTE0MTQyM1owgZwxCzAJBgNV
BAYTAklOMQswCQYDVQQIEwJBUDEMMAoGA1UEBxMDSFlEMRkwFwYDVQQKExBSb2Nr
d2VsbCBjb2xsaW5zMRwwGgYDVQQLExNJbmRpYSBEZXNpZ24gQ2VudGVyMQ4wDAYD
VQQDEwVJTUFDUzEpMCcGCSqGSIb3DQEJARYaYnJhamFuQFJvY2t3ZWxsY29sbGlu
cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfjHgUAsbXQFkF
hqv8OTHSzuj+8SKGh49wth3UcH9Nk/YOug7ZvI+tnOcrCZdeG2Ot8Y19Wusf59Y7
q61jSbDWt+7u7P0ylWWcQfCE9IHSiJIaKAklMu2qGB8bFSPqDyVJuWSwcSXEb9C2
xJsabfgJr6mpfWjCOKd58wFprf0RF58pWHyBqBOiZ2U20PKhq8gPJo/pEpcnXTY0
x8bw8LZ3SrrIQZ5WntFKdB7McFKG9yFfEhUamTKOffQ2Y+SDEGVDj3eshF6+Fxgj
8plyg3tZPRLSHh5DR42HTc/35LA52BvjRMWYzrs4nf67gf652pgHh0tFMNMTMgZD
rpTkyts9AgMBAAGjggEFMIIBATAdBgNVHQ4EFgQUG0cLBjouoJPM8dQzKUQCZYNY
y8AwgdEGA1UdIwSByTCBxoAUG0cLBjouoJPM8dQzKUQCZYNYy8ChgaKkgZ8wgZwx
CzAJBgNVBAYTAklOMQswCQYDVQQIEwJBUDEMMAoGA1UEBxMDSFlEMRkwFwYDVQQK
ExBSb2Nrd2VsbCBjb2xsaW5zMRwwGgYDVQQLExNJbmRpYSBEZXNpZ24gQ2VudGVy
MQ4wDAYDVQQDEwVJTUFDUzEpMCcGCSqGSIb3DQEJARYaYnJhamFuQFJvY2t3ZWxs
Y29sbGlucy5jb22CCQCtCZg3P2F1rDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
BQUAA4IBAQCyYZxEzn7203no9TdhtKDWOFRwzYvY2kZppQ/EpzF+pzh8LdBOebr+
DLRXNh2NIFaEVV0brpQTI4eh6b5j7QyF2UmA6+44zmku9LzS9DQVKGLhIleB436K
ARoWRqxlEK7TF3TauQfaalGH88ZWoDjqqEP/5oWeQ6pr/RChkCHkBSgq6FfGGSLd
ktgFcF0S9U7Ybii/MD+tWMImK8EE3GGgs876yqX/DDhyfW8DfnNZyl35VF/80j/s
0Lj3F7Po1zsaRbQlhOK5rzRVQA2qnsa4IcQBuYqBWiB6XojPgu9PpRSL7ure7sj6
gRQT0OIU5vXzsmhjqKoZ+dBlh1FpSOX2
-----END CERTIFICATE-----
3 個解決方案
解決方案1
2 已采納 2020-12-24 19:42:02
以下代碼對我有用;
IEnumerable<string> headerValues;
var usercert = request.Headers.TryGetValues("MY-Cert", out headerValues);
var data = WebUtility.UrlDecode(((string[])headerValues)[0]);
byte[] bytes = Encoding.ASCII.GetBytes(data);
var cert = new X509Certificate2(bytes);
解決方案2
1 2020-12-18 06:47:54
正如評論中指出的那樣,您需要從 PEM 字符串中刪除第一行和最后一行,然后將 Base64 字符串轉換為X509Certificate2 object。
String certPemString = ((string[])request.Headers.GetValues("MY-Cert"))[0];
certPemString = certPemString
.Replace("-----BEGIN CERTIFICATE-----",null)
.Replace("-----END CERTIFICATE-----",null);
var cert = new X509Certificate2(Convert.FromBase64String(certPemString));
解決方案3
-2 2020-12-17 23:55:40
那是您需要轉換為 PKCS7 的 PEM 格式。
更多關於格式的信息在這里。 https://comodosslstore.com/resources/a-ssl-certificate-file-extension-explanation-pem-pkcs7-der-and-pkcs12/
使用 OpenSSL 轉換為正確的格式。
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
certificate.cer 將是您當前保存在 certificate.cer 文件中的 PEM 文本,假設您從 CA 或自生成 CA 獲得此文件,您將需要提供 CACert.cer 來簽署 output。
C# X509 證書驗證,帶在線 CRL 檢查,無需將根證書導入受信任的根 CA 證書存儲
[英]C# X509 certificate validation, with Online CRL check, without importing root certificate to trusted root CA certificate store
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.