如何使用 C# 从 pfx 文件中检索证书?
我已经在谷歌上搜索了半天,寻找一种读取 .pfx 文件并将证书导入 certstore 的方法。
到目前为止,我能够使用 X509Certifcate 读取 .pfx 文件,并能够在 .pfx 文件中导入一个证书。到目前为止一切顺利,但是 .pfx 文件中有三个证书,当使用 X509Certificate 加载 .pfx 时,我无法查看另外两个证书。
证书是通过
*个人信息交换 - PKCS #12 (.PFX)
- 导出的
如果可能,包括证书路径中的所有证书
启用强保护(需要IE 5.0、NT 4.0 SP4 或更高版本)
这些是导出证书时选择的选项。我知道有三个证书,因为我手动进入certstore (MMC)并将其导入到个人文件夹中。
I've been googling around for half a day looking for a way to read a .pfx file and import the certificates into the certstore.
So far, I am able to read the .pfx file with X509Certifcate and able to import one certificate within the .pfx file. So far so good, but there are three certificates in the .pfx file and when loading the .pfx with X509Certificate, I am not able to see the other two certificates.
The certificate was exported with
*Personal Information Exchange - PKCS #12 (.PFX)
Include all certificates in the certification path if possible
Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above)
Those are the options selected when exporting the certificate(s). I know there are three certificates because I manually go into the certstore (MMC) and import it into a personal folder myself.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您应该能够使用
X509Certificate2Collection类获取包含 .pfx 文件中的证书的集合对象...这是一些 C# 示例代码:然后您可以迭代集合:
根据证书的类型(客户端证书、中间 CA 证书、根 CA),您需要打开正确的证书存储(作为
X509Store对象)来导入它。查看
X509Store文档:http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.aspx
以及
StoreName枚举中的不同成员:< a href="http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.storename.aspx" rel="noreferrer">http://msdn.microsoft.com/en- us/library/system.security.cryptography.x509certificates.storename.aspx
据我了解,您希望将
StoreName.My用于包含私钥的客户端证书,StoreName.CertificateAuthority用于中间 CA 证书,StoreName.Root用于根 CA 证书。You should be able to get a collection object containing the certs in your .pfx file by using the
X509Certificate2Collectionclass... here's some C# example code:Then you can iterate over the collection:
Depending on the type of certificate (client cert, intermediate CA cert, root CA) you'll need to open the proper cert store (as an
X509Storeobject) to import it.Check out the
X509Storedocs:http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.aspx
And the different members in the
StoreNameenumeration:http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.storename.aspx
From what I understand, you want to use
StoreName.Myfor client certificates that contain a private key,StoreName.CertificateAuthorityfor intermediate CA certs, andStoreName.Rootfor root CA certs.