c# - OpenSSL.Net 创建证书 509x

Question

我下载了这个包装器 OpenSSL.Net，我将集成到我的项目中，该项目包含一个 PKI 开发

• 创建证书人员
• 创建一个自签名 CA 证书
• 用CA签了证书我找不到解决办法

Answer 1

您可以使用 X509CertificateAuthority 和 X509Certificate 类以编程方式使用 OpenSSL.NET 创建 SSL 证书。 您可以在 below link. 找到示例代码

###################################################
// Create a configuration object using openssl.cnf file.
OpenSSL.X509.Configuration cfg = new OpenSSL.X509.Configuration("Path to your openssl configuration file i.e. openssl.cnf");

// Create a root certificate authority which will have a self signed certificate.
OpenSSL.X509.X509CertificateAuthority RootCA = OpenSSL.X509.X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(),"Disinguish name for your CA", DateTime.
Now, TimeSpan.FromDays(365));

// If you want the certificate of your root CA which you just create, you can get the certificate like this.
X509Certificate RootCertificate = rootCA.certificate;

// Here you need CSR(Certificate Signing Request) which you might have already got it from your web server e.g. IIS7.0.
string strCSR = System.IO.File.ReadAllText(@"Path to your CSR file");

// You need to write the CSR string to a BIO object as shown below.
OpenSSL.Core.BIO ReqBIO = OpenSSL.Core.BIO.MemoryBuffer();
ReqBIO.Write(strCSR);

// Now you can create X509Rquest object using the ReqBIO.
OpenSSL.X509.X509Request Request = new OpenSSL.X509.X509Request(reqBIO);

// Once you have a request object, you can create a SSL Certificate which is signed by the self signed RootCA.
OpenSSL.X509.X509Certificate certificate = RootCA.ProcessRequest(Request, DateTime.Now, DateTime.Now + TimeSpan.FromDays(365));

// Now you can save this certificate to your file system.
FileStream fs = new FileStream("Path to your file where you want to create the certificate with file name", FileMode.Create, FileAccess.ReadWrite);
BinaryWriter bw = new BinaryWriter(fs);
BIO bio = BIO.MemoryBuffer();
certificate.Write(bio);
string certString = bio.ReadString();
bw.Write(certString);
##############################################