Pobieram to opakowanie OpenSSL.Net i będę integrował się w moim projekcie, który polega na devellop PKI
- tworzy personele certyfikatów
- tworzy samopodpisany certyfikat CA.
- podpisałem certyfikat z urzędem certyfikacji Nie mogę znaleźć rozwiązania
Odpowiedzi:
5 dla odpowiedzi № 1Za pomocą klas X509CertificateAuthority i X509Certificate można programowo tworzyć certyfikaty SSL przy użyciu OpenSSL.NET. Możesz znaleźć przykładowy kod na poniżej link.
###################################################
// Create a configuration object using openssl.cnf file.
OpenSSL.X509.Configuration cfg = new OpenSSL.X509.Configuration("Path to your openssl configuration file i.e. openssl.cnf");
// Create a root certificate authority which will have a self signed certificate.
OpenSSL.X509.X509CertificateAuthority RootCA = OpenSSL.X509.X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(),"Disinguish name for your CA", DateTime.
Now, TimeSpan.FromDays(365));
// If you want the certificate of your root CA which you just create, you can get the certificate like this.
X509Certificate RootCertificate = rootCA.certificate;
// Here you need CSR(Certificate Signing Request) which you might have already got it from your web server e.g. IIS7.0.
string strCSR = System.IO.File.ReadAllText(@"Path to your CSR file");
// You need to write the CSR string to a BIO object as shown below.
OpenSSL.Core.BIO ReqBIO = OpenSSL.Core.BIO.MemoryBuffer();
ReqBIO.Write(strCSR);
// Now you can create X509Rquest object using the ReqBIO.
OpenSSL.X509.X509Request Request = new OpenSSL.X509.X509Request(reqBIO);
// Once you have a request object, you can create a SSL Certificate which is signed by the self signed RootCA.
OpenSSL.X509.X509Certificate certificate = RootCA.ProcessRequest(Request, DateTime.Now, DateTime.Now + TimeSpan.FromDays(365));
// Now you can save this certificate to your file system.
FileStream fs = new FileStream("Path to your file where you want to create the certificate with file name", FileMode.Create, FileAccess.ReadWrite);
BinaryWriter bw = new BinaryWriter(fs);
BIO bio = BIO.MemoryBuffer();
certificate.Write(bio);
string certString = bio.ReadString();
bw.Write(certString);
##############################################
1 dla odpowiedzi nr 2
Będzie o wiele szybciej, jeśli po prostu skorzystasz z OpenSSL poprzez Process.Start tak:
Utwórz CA:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out ca.key
openssl req -new -x509 -days 9855 -key ca.key -out ca.crt
openssl x509 -in ca.crt -setalias "Company Name" -out ca.crt
openssl pkcs12 -export -nokeys -name "Company Name" -in ca.crt -out ca_public.pfx
Utwórz podpisane certyfikaty personelu:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out id.key
openssl req -new -key id.key -out id.csr
openssl ca -policy policy_anything -in id.csr -cert ca.crt -keyfile ca.key -out id.crt -days 3650
del id.csr
openssl x509 -in id.crt -setalias "Personnel Name" -out id.crt
openssl pkcs12 -export -name "Personnel Name" -in id.crt -inkey id.key -out id.pfx
openssl pkcs12 -export -nokeys -name "Personnel Name" -in id.crt -out id_public.pfx