Using Bouncy Castle I have created an X.509v3 certificate with the following code:
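{
    // Obtain the issuing authority; creer_ca is the helper that creates it and returns its certificate.
    X509Certificate2 cerca = creer_ca("CA_certifcate");
    Console.WriteLine("create a certificaet RSA signed by CA_certificate ");

    // One cryptographic RNG shared by key generation and serial-number generation.
    var random = new SecureRandom(new CryptoApiRandomGenerator());

    // 2048-bit key: 1024-bit RSA is no longer considered adequate, and the authority
    // itself is created with -len 2048.
    var kpgen = new RsaKeyPairGenerator();
    kpgen.Init(new KeyGenerationParameters(random, 2048));
    var cerKp = kpgen.GenerateKeyPair();

    // Certificate fields
    string certSubjectName = "test_RSA";
    var certName = new X509Name("CN=" + certSubjectName);
    // Serial number drawn from the cryptographic RNG; System.Random is not a
    // cryptographic generator and makes serial numbers guessable.
    var serialNo = BigInteger.ProbablePrime(120, random);

    // Parse the authority certificate with Bouncy Castle so the issuer name is copied
    // from its encoded subject instead of being rebuilt from the display string
    // cerca.Subject. Chain building matches issuer to subject, so a re-ordered or
    // re-encoded name is one possible reason Windows cannot verify the certificate.
    Org.BouncyCastle.X509.X509Certificate caBc = DotNetUtilities.FromX509Certificate(cerca);

    X509V3CertificateGenerator gen2 = new X509V3CertificateGenerator();
    gen2.SetSerialNumber(serialNo);
    gen2.SetSubjectDN(certName);
    gen2.SetIssuerDN(caBc.SubjectDN); // the authority's name
    gen2.SetNotBefore(DateTime.UtcNow.Subtract(new TimeSpan(30, 0, 0, 0)));
    gen2.SetNotAfter(DateTime.UtcNow.AddYears(2));
    gen2.SetSignatureAlgorithm("sha512WithRSA");
    gen2.SetPublicKey(cerKp.Public);
    // NOTE(review): no extensions (BasicConstraints, AuthorityKeyIdentifier, key usage)
    // are added, so nothing in the certificate marks it as an end-entity certificate.

    // Sign with the authority's private key.
    AsymmetricCipherKeyPair akp = DotNetUtilities.GetKeyPair(cerca.PrivateKey);
    Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(akp.Private);

    // used for getting a private key
    // NOTE(review): userCert is never used afterwards; ConvertToWindows is defined elsewhere.
    X509Certificate2 userCert = ConvertToWindows(newCert, cerKp);

    // NOTE(review): this export starts from the certificate alone, so the PKCS#12 blob
    // presumably carries no private key; the hard-coded "password" should not protect
    // real key material.
    byte[] cert = DotNetUtilities.ToX509Certificate(newCert).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, "password");
    var certif = new X509Certificate2(cert, "password");

    // The issued certificate goes into the personal store. Placing an end-entity
    // certificate in "Root" would make it a trust anchor in its own right and bypass
    // validation against the authority.
    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadWrite);
    try
    {
        store.Add(certif);
    }
    finally
    {
        store.Close();
    }
}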
When I view the certificate, the following message is displayed (on the General tab):
Windows ne se dispose pas des informations suffisantes pour vérifier le certificat
which means:
Windows does not have sufficient information to verify the certificate
To create the authority I use makecert like this:
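/// <summary>
/// Creates a self-signed authority certificate with makecert.exe and then looks it up
/// by simple name in the CurrentUser "Root" store.
/// </summary>
/// <param name="ca_name">Used as the O= and CN= values of the authority and in the name of the .cer file.</param>
/// <returns>The matching certificate, or an empty <see cref="X509Certificate2"/> when none is found.</returns>
public static X509Certificate2 creer_ca(string ca_name)
{
    // NOTE(review): ca_name is concatenated into the command line without escaping;
    // only pass values that are fixed by the program, never user-supplied text.
    // NOTE(review): "-ss Root -pe" installs a root with an exportable private key in the
    // user's trusted roots, so anything signed with that key is trusted for this user.
    // "-a sha1" signs the authority with SHA-1.
    try
    {
        using (Process makecert = Process.Start("makecert.exe", "-r -pe -n \"O=" + ca_name + ",CN=" + ca_name + " \" -ss Root -sky exchange -sp \"Microsoft RSA Schannel Cryptographic Provider\" -sy 12 -len 2048 -a sha1 certificat_" + ca_name+ ".cer"))
        {
            // Process.Start returns as soon as the process is launched. Wait for it to
            // finish, otherwise the store lookup below can run before the certificate exists.
            if (makecert != null)
            {
                makecert.WaitForExit();
                if (makecert.ExitCode != 0)
                {
                    Console.WriteLine("echec création de l'autorité");
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Best effort, as before: report the failure and still try the store lookup.
        Console.WriteLine("echec création de l'autorité");
        Console.WriteLine(ex.Message);
    }

    X509Certificate2 caCert = new X509Certificate2();
    bool found = false;

    X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadWrite);
    try
    {
        // Only certificates whose validity period covers the current time are considered.
        X509Certificate2Collection valid = store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, false);

        // NOTE(review): the match is on the simple name only, so any currently valid root
        // with that name is returned, not necessarily the one created above.
        foreach (X509Certificate2 x509 in valid)
        {
            if (x509.GetNameInfo(X509NameType.SimpleName, true) == ca_name)
            {
                caCert = x509;
                found = true;
                break;
            }
        }
    }
    finally
    {
        store.Close();
    }

    if (found)
    {
        Console.WriteLine ("le certificat de nom " + ca_name+ " a été trouvé");
    }
    else
    {
        Console.WriteLine ("le certificat de nom " + ca_name+ " n'a pas été trouvé");
    }

    return caCert;
}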
help please.