问题描述
我有一个成功的 LetsEncrypt 证书请求的 .cer 文件输出.
I have a .cer file output from a successful LetsEncrypt certificate request.
我有用于为 LetsEncrypt 创建证书签名请求 (CSR) 的原始私钥.
I have the original Private Key used to create the Certificate Signing Request (CSR) for LetsEncrypt.
现在我们需要使用 .NET 以编程方式将这两个文件组合成一个用于 IIS 的 PFX 包
Now we need to programmatically combine these two files into a PFX bundle for IIS using .NET
由于我们试图以编程方式执行此操作,pvk2pfx 不实用,因此我们希望尽可能避免使用 openssl.
Since we are trying to to do this programmatically pvk2pfx is not practical, and we would like to avoid openssl if possible.
为了演示,我们尝试复制此功能,但使用 CS .NET 而不是 pvk2pfx:pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx
To demonstrate though, we are trying to replicate this function but using CS .NET instead of pvk2pfx: pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx
我进行了详尽的研究,以下是我看到的可能性:
I have researched exhaustively and here are the possibilities I see:
一种方法似乎是使用 X509Certificate2 之类的:
One method seems to be using X509Certificate2 something like:
// Import the certificate
X509Certificate2 cert = new X509Certificate2("c:\cert.cer");
// Import the private key
X509Certificate2 cert = new X509Certificate2("c:\key.pvk");
// Or import the private key - Alternative method
X509DecryptString(token, @"c:CA.pvk", "mypassword");
// Export the PFX file
certificate.Export(X509ContentType.Pfx, "YourPassword");
File.WriteAllBytes(@"C:YourCert.pfx", certificateData);
这里有一些其他的方法,但它们似乎都省略了关于私钥的部分,或者它们需要 pvk2pfx.exe
Here are some other methods but all of them seem to omit the part about the Private Key or they require pvk2pfx.exe
从 cert 文件转换为 pfx 文件https://stackoverflow.com/a/4797392/3693688
Conversion from cert file to pfx file https://stackoverflow.com/a/4797392/3693688
如何以编程方式创建 X509Certificate2?http://www.wiktorzychla.com/2012/12/how-to-create-x509certificate2.html
How to create a X509Certificate2 programmatically? http://www.wiktorzychla.com/2012/12/how-to-create-x509certificate2.html
选择、创建和查找 X509 证书:http://www.wou.edu/~rvitolo06/WATK/Demos/HPCImageRendering/code/ImageRendering/AppConfigure/CertHelper.cs
Select, Create and Find X509 Certificates: http://www.wou.edu/~rvitolo06/WATK/Demos/HPCImageRendering/code/ImageRendering/AppConfigure/CertHelper.cs
无法将生成的带有私钥的证书导出到字节数组无法导出在 .NET 4.0/4.5 中使用字节数组的私钥生成证书
Cannot export generated certificate with private key to byte array Cannot export generated certificate with a private key to byte array in .NET 4.0/4.5
如何以编程方式将带有证书链的 pfx 导入证书存储区.https://stackoverflow.com/a/9152838/3693688
How to programmatically import a pfx with a chain of certificates into the certificate store. https://stackoverflow.com/a/9152838/3693688
在 C# 中以编程方式导入 .cer 和 .pvk 证书文件以用于 netsh http add sslcerthttps://gist.github.com/BrandonLWhite/235fa12247f6dc827051
Import .cer and .pvk certificate files programmatically in C# for use with netsh http add sslcert
https://gist.github.com/BrandonLWhite/235fa12247f6dc827051
将cer转换为pfx cert的方法https://gist.github.com/domgreen/988684
Method to convert cer to pfx cert https://gist.github.com/domgreen/988684
CryptoGuy 建议我们需要这个链接:https://gist.github.com/BrandonLWhite/235fa12247f6dc827051
CryptoGuy suggested we need this link: https://gist.github.com/BrandonLWhite/235fa12247f6dc827051
这是否意味着这样的事情会很好?
Does that mean something like this would be good?
CSP 部件是否必要?
Are the CSP parts necessary?
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography;
var PublicKey = AssemblyUtility.GetEmbeddedFileAsByteArray("Cert.cer");
var PrivateKey = AssemblyUtility.GetEmbeddedFileAsByteArray("PrivateKey.pvk");
var certificate = new X509Certificate2(PublicKey, string.Empty,
X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
var cspParams = new CspParameters
{
ProviderType = 1,
Flags = CspProviderFlags.UseMachineKeyStore,
KeyContainerName = Guid.NewGuid().ToString().ToUpperInvariant()
};
var rsa = new RSACryptoServiceProvider(cspParams);
rsa.ImportCspBlob(ExtractPrivateKeyBlobFromPvk(PrivateKey));
rsa.PersistKeyInCsp = true;
certificate.PrivateKey = rsa;
certificate.Export(X509ContentType.Pfx, "YourPassword");
File.WriteAllBytes(@"C:YourCert.pfx", certificateData);
推荐答案
CryptoGuy 的回答真的很有帮助,为我们指明了正确的方向.
CryptoGuy's answer was really helpful and pointed us in the right direction.
我们仍在努力导入二进制 DER 文件,但这段代码解决了这个问题:
We were still struggling to import a Binary DER file but this code fixed that:
var oc = OpenSSL.X509.X509Certificate.FromDER(bio);
这些页面很有用:
https://github.com/openssl-net/openssl-net/blob/master/ManagedOpenSsl/X509/X509Certificate.cs
https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.rawdata
感谢大家的帮助:)
这篇关于在 C# 中以编程方式将证书和私钥转换为 .PFX的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!