
How to create X.509 certificate

Using Bouncy Castle, I have created an X.509v3 certificate with the following code:

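{
    // Obtain the issuing authority. creer_ca creates the authority certificate
    // and returns it as an X509Certificate2.
    X509Certificate2 cerca = creer_ca("CA_certifcate");

    Console.WriteLine("create a certificaet RSA signed by CA_certificate ");

    // A single cryptographic RNG feeds both the key pair and the serial number.
    var secureRandom = new SecureRandom(new CryptoApiRandomGenerator());

    // 2048-bit RSA: the 1024-bit modulus used previously is too weak for a new
    // certificate and is smaller than the 2048-bit key of the issuing authority.
    var kpgen = new RsaKeyPairGenerator();
    kpgen.Init(new KeyGenerationParameters(secureRandom, 2048));
    var cerKp = kpgen.GenerateKeyPair();

    // Certificate fields.
    string certSubjectName = "test_RSA";
    var certName = new X509Name("CN=" + certSubjectName);
    // The serial number comes from the cryptographic RNG; System.Random is not
    // a cryptographic generator and yields guessable serial numbers.
    var serialNo = BigInteger.ProbablePrime(120, secureRandom);

    X509V3CertificateGenerator gen2 = new X509V3CertificateGenerator();
    gen2.SetSerialNumber(serialNo);
    gen2.SetSubjectDN(certName);
    // Issuer = name of the authority.
    // NOTE(review): chain building needs this issuer name to match the subject
    // of the authority certificate; confirm that rebuilding it from the
    // cerca.Subject string with reverse=true produces the same name.
    gen2.SetIssuerDN(new X509Name(true, cerca.Subject));
    // Validity is computed from UTC so it does not depend on the local time zone.
    DateTime now = DateTime.UtcNow;
    gen2.SetNotBefore(now.Subtract(new TimeSpan(30, 0, 0, 0)));
    gen2.SetNotAfter(now.AddYears(2));
    gen2.SetSignatureAlgorithm("sha512WithRSA");

    gen2.SetPublicKey(cerKp.Public);

    // Sign the new certificate with the private key of the authority.
    AsymmetricCipherKeyPair akp = DotNetUtilities.GetKeyPair(cerca.PrivateKey);
    Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(akp.Private);

    // Used for getting a private key. ConvertToWindows is defined elsewhere;
    // userCert is not used again in this snippet.
    X509Certificate2 userCert = ConvertToWindows(newCert, cerKp);

    // Round-trip through an in-memory PKCS#12 blob. The blob is built from
    // newCert alone (cerKp is not passed in), so it presumably carries no
    // private key - confirm.
    // NOTE(review): the hard-coded password must not be reused if this blob is
    // ever written to disk or made to include the private key.
    byte[] cert = DotNetUtilities.ToX509Certificate(newCert).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, "password");
    var certif = new X509Certificate2(cert, "password");

    // NOTE(review): this adds the end-entity certificate to the trusted Root
    // store of the current user, which makes it a trust anchor. A certificate
    // issued by an authority normally belongs in the personal ("My") store,
    // with only the authority itself in Root.
    X509Store store = new X509Store("Root", StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadWrite);
    try
    {
        store.Add(certif);
    }
    finally
    {
        // The store handle is released even when Add throws.
        store.Close();
    }
}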

When I open the certificate, the following message is displayed (on the General tab):

Windows ne se dispose pas des informations suffisantes pour vérifier le certificat

it means that

Windows does not have sufficient information to verify the certificate

In order to create the authority, I use makecert like this:

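/// <summary>
/// Creates a self-signed authority certificate by running makecert.exe, then
/// looks it up by name in the Root store of the current user.
/// </summary>
/// <param name="ca_name">
/// Name used for the O and CN attributes of the authority and for the output
/// file name. Only letters, digits, '_', '-' and '.' are accepted, because the
/// value is concatenated into the makecert command line.
/// </param>
/// <returns>
/// The matching certificate, or an empty <see cref="X509Certificate2"/> when no
/// currently valid certificate with that name is found.
/// </returns>
/// <exception cref="ArgumentException">
/// <paramref name="ca_name"/> is null, empty, or contains a character outside
/// the accepted set.
/// </exception>
public static X509Certificate2 creer_ca(string ca_name)
{
    // The name ends up inside a quoted -n argument and an unquoted file name.
    // A quote, comma, space or path separator would change the arguments, the
    // distinguished name or the output path, so such names are rejected.
    if (string.IsNullOrEmpty(ca_name))
    {
        throw new ArgumentException("ca_name must not be null or empty", "ca_name");
    }
    foreach (char c in ca_name)
    {
        if (!char.IsLetterOrDigit(c) && c != '_' && c != '-' && c != '.')
        {
            throw new ArgumentException("ca_name may only contain letters, digits, '_', '-' and '.'", "ca_name");
        }
    }

    try
    {
        // NOTE(review): "-ss Root" installs the self-signed authority as a
        // trust anchor for the current user, and "-a sha1" signs it with SHA-1.
        // makecert is deprecated; prefer a stronger hash if the installed
        // version supports one.
        using (Process makecert = Process.Start("makecert.exe", "-r -pe -n \"O=" + ca_name + ",CN=" + ca_name + " \" -ss Root -sky exchange -sp \"Microsoft RSA Schannel Cryptographic Provider\" -sy 12 -len 2048 -a sha1 certificat_" + ca_name + ".cer"))
        {
            if (makecert != null)
            {
                // Process.Start returns immediately; without waiting, the store
                // lookup below can run before the certificate exists.
                makecert.WaitForExit();
                if (makecert.ExitCode != 0)
                {
                    Console.WriteLine("echec création de l'autorité");
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Best effort: report the failure and still try the store lookup.
        Console.WriteLine("echec création de l'autorité");
        Console.WriteLine(ex.Message);
    }

    X509Certificate2 caCert = new X509Certificate2();
    bool found = false;

    // The lookup only reads the store, so it is opened read-only.
    X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    try
    {
        X509Certificate2Collection valid = store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, false);

        foreach (X509Certificate2 x509 in valid)
        {
            // Require the name as both subject and issuer. Matching on the
            // issuer alone would also select any certificate issued by this
            // authority that happens to be in the same store.
            if (x509.GetNameInfo(X509NameType.SimpleName, false) == ca_name
                && x509.GetNameInfo(X509NameType.SimpleName, true) == ca_name)
            {
                found = true;
                caCert = x509;
                break;
            }
        }
    }
    finally
    {
        store.Close();
    }

    if (found)
    {
        Console.WriteLine("le certificat de nom " + ca_name + " a été trouvé");
    }
    else
    {
        Console.WriteLine("le certificat de nom " + ca_name + " n'a pas été trouvé");
    }

    return caCert;
}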

help please.
