OpenSSL.Net 创建证书 509x

发布于 2024-11-02 17:18:04 字数 133 浏览 5 评论 0原文

我下载了这个包装器 OpenSSL.Net,我将集成到我的项目中,该项目包含一个 PKI 开发

  • 创建证书人员
  • 创建一个自签名 CA 证书
  • 用 CA 签署了证书我找不到解决方案

I download this wrapper OpenSSL.Net and I shall integrate in my project which consists in a PKI devellop

  • creates certificate personels
  • creates a self signed CA certificate
  • signed the certificate with the CA I can not find the solution

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

冰雪梦之恋 2024-11-09 17:18:04

您可以使用 X509CertificateAuthority 和 X509Certificate 类以编程方式使用 OpenSSL.NET 创建 SSL 证书。
您可以在下面的链接中找到示例代码。

###################################################
// Create a configuration object using openssl.cnf file.
OpenSSL.X509.Configuration cfg = new OpenSSL.X509.Configuration("Path to your openssl configuration file i.e. openssl.cnf");

// Create a root certificate authority which will have a self signed certificate.
OpenSSL.X509.X509CertificateAuthority RootCA = OpenSSL.X509.X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(),"Disinguish name for your CA", DateTime.
Now, TimeSpan.FromDays(365));

// If you want the certificate of your root CA which you just create, you can get the certificate like this.
X509Certificate RootCertificate = rootCA.certificate;

// Here you need CSR(Certificate Signing Request) which you might have already got it from your web server e.g. IIS7.0.
string strCSR = System.IO.File.ReadAllText(@"Path to your CSR file");

// You need to write the CSR string to a BIO object as shown below.
OpenSSL.Core.BIO ReqBIO = OpenSSL.Core.BIO.MemoryBuffer();
ReqBIO.Write(strCSR);

// Now you can create X509Rquest object using the ReqBIO.
OpenSSL.X509.X509Request Request = new OpenSSL.X509.X509Request(reqBIO);

// Once you have a request object, you can create a SSL Certificate which is signed by the self signed RootCA.
OpenSSL.X509.X509Certificate certificate = RootCA.ProcessRequest(Request, DateTime.Now, DateTime.Now + TimeSpan.FromDays(365));

// Now you can save this certificate to your file system.
FileStream fs = new FileStream("Path to your file where you want to create the certificate with file name", FileMode.Create, FileAccess.ReadWrite);
BinaryWriter bw = new BinaryWriter(fs);
BIO bio = BIO.MemoryBuffer();
certificate.Write(bio);
string certString = bio.ReadString();
bw.Write(certString);
##############################################

You can use X509CertificateAuthority and X509Certificate classes to create SSL certificates using OpenSSL.NET programmatically.
You can find the sample code at the below link.

###################################################
// Create a configuration object using openssl.cnf file.
OpenSSL.X509.Configuration cfg = new OpenSSL.X509.Configuration("Path to your openssl configuration file i.e. openssl.cnf");

// Create a root certificate authority which will have a self signed certificate.
OpenSSL.X509.X509CertificateAuthority RootCA = OpenSSL.X509.X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(),"Disinguish name for your CA", DateTime.
Now, TimeSpan.FromDays(365));

// If you want the certificate of your root CA which you just create, you can get the certificate like this.
X509Certificate RootCertificate = rootCA.certificate;

// Here you need CSR(Certificate Signing Request) which you might have already got it from your web server e.g. IIS7.0.
string strCSR = System.IO.File.ReadAllText(@"Path to your CSR file");

// You need to write the CSR string to a BIO object as shown below.
OpenSSL.Core.BIO ReqBIO = OpenSSL.Core.BIO.MemoryBuffer();
ReqBIO.Write(strCSR);

// Now you can create X509Rquest object using the ReqBIO.
OpenSSL.X509.X509Request Request = new OpenSSL.X509.X509Request(reqBIO);

// Once you have a request object, you can create a SSL Certificate which is signed by the self signed RootCA.
OpenSSL.X509.X509Certificate certificate = RootCA.ProcessRequest(Request, DateTime.Now, DateTime.Now + TimeSpan.FromDays(365));

// Now you can save this certificate to your file system.
FileStream fs = new FileStream("Path to your file where you want to create the certificate with file name", FileMode.Create, FileAccess.ReadWrite);
BinaryWriter bw = new BinaryWriter(fs);
BIO bio = BIO.MemoryBuffer();
certificate.Write(bio);
string certString = bio.ReadString();
bw.Write(certString);
##############################################
渡你暖光 2024-11-09 17:18:04

如果您只是通过 Process.Start 使用 OpenSSL 本身,速度会快很多,如下所示:

创建 CA:

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out ca.key
openssl req -new -x509 -days 9855 -key ca.key -out ca.crt
openssl x509 -in ca.crt -setalias "Company Name" -out ca.crt
openssl pkcs12 -export -nokeys -name "Company Name" -in ca.crt -out ca_public.pfx

创建签名人员证书:

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out id.key
openssl req -new -key id.key -out id.csr
openssl ca -policy policy_anything -in id.csr -cert ca.crt -keyfile ca.key -out id.crt -days 3650
del id.csr
openssl x509 -in id.crt -setalias "Personnel Name" -out id.crt
openssl pkcs12 -export -name "Personnel Name" -in id.crt -inkey id.key -out id.pfx
openssl pkcs12 -export -nokeys -name "Personnel Name" -in id.crt -out id_public.pfx

It will be a lot faster if you simply use OpenSSL itself through Process.Start like this:

Create CA:

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out ca.key
openssl req -new -x509 -days 9855 -key ca.key -out ca.crt
openssl x509 -in ca.crt -setalias "Company Name" -out ca.crt
openssl pkcs12 -export -nokeys -name "Company Name" -in ca.crt -out ca_public.pfx

Create Signed Personnel Certificates:

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out id.key
openssl req -new -key id.key -out id.csr
openssl ca -policy policy_anything -in id.csr -cert ca.crt -keyfile ca.key -out id.crt -days 3650
del id.csr
openssl x509 -in id.crt -setalias "Personnel Name" -out id.crt
openssl pkcs12 -export -name "Personnel Name" -in id.crt -inkey id.key -out id.pfx
openssl pkcs12 -export -nokeys -name "Personnel Name" -in id.crt -out id_public.pfx
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文