используя надувной замок Я создал сертификат X.509v3, я использую следующий код:
{
X509Certificate2 cerca= creer_ca("CA_certifcate"); // creer_ca is a function that create the autority
Console.WriteLine("create a certificaet RSA signed by CA_certificate ");
var kpgen = new RsaKeyPairGenerator();
kpgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
var cerKp = kpgen.GenerateKeyPair();
//champs certificat
string certSubjectName = "test_RSA";
var certName = new X509Name("CN="+certSubjectName);
var serialNo = BigInteger.ProbablePrime(120, new Random());
X509V3CertificateGenerator gen2 = new X509V3CertificateGenerator();
gen2.SetSerialNumber(serialNo);
gen2.SetSubjectDN(certName);
gen2.SetIssuerDN(new X509Name(true, cerca.Subject)); // le nom de l'autorité
gen2.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(30, 0, 0, 0)));
gen2.SetNotAfter(DateTime.Now.AddYears(2));
gen2.SetSignatureAlgorithm("sha512WithRSA");
gen2.SetPublicKey(cerKp.Public);
AsymmetricCipherKeyPair akp = DotNetUtilities.GetKeyPair(cerca.PrivateKey);
Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(akp.Private);
// used for getting a private key
X509Certificate2 userCert = ConvertToWindows(newCert, cerKp);
byte[] cert = DotNetUtilities.ToX509Certificate(newCert).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, "password");
var certif = new X509Certificate2(cert, "password");
X509Store store = new X509Store("Root", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(certif);
}
при отображении сертификата отображается следующее сообщение (в общем ракурсе)
Windows ne se dispose pas des informations suffisantes pour vérifier le certificat
это означает, что
Windows does not have sufficient information to verify the certificate
для создания полномочий я использую makecert следующим образом:
public static X509Certificate2 creer_ca(string ca_name)
{
try
{
Process.Start("makecert.exe", "-r -pe -n \"O=" + ca_name + ",CN=" + ca_name + " \" -ss Root -sky exchange -sp \"Microsoft RSA Schannel Cryptographic Provider\" -sy 12 -len 2048 -a sha1 certificat_" + ca_name+ ".cer");
}
catch
{
Console.WriteLine("echec création de l'autorité");
}
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
X509Certificate2 certificateR = new X509Certificate2();
bool trouvé = false;
foreach (X509Certificate2 x509 in fcollection)
{
if (x509.GetNameInfo(X509NameType.SimpleName, true) == ca_name)
{
trouvé = true;
certificateR = x509;
break;
}
}
store.Close();
X509Certificate2 caCert = new X509Certificate2();
if (trouvé == false)
{
Console.WriteLine ("le certificat de nom " + ca_name+ " n'a pas été trouvé");
}
else
{
Console.WriteLine ("le certificat de nom " + ca_name+ " a été trouvé");
caCert= certificateR;
}
return (caCert); //the authority is created succesfully,
}
помогите, пожалуйста.