x509certificate2

问题 I am using smart card to authenticate the user. I have a authentication service (SecurityTokenService) which handles the authentication logic on the server. I am using X509Certificate2.Verify() to validate the certificate. Since this API can check if the certificate is valid/revoked by going online and contacting Certification Authority (CA), do I need root certificate on the server? Can we avoid having root certificate on our local computer? Or root certificate is always mandatory? 回答1: I

问题 I am trying to access the private key of an X509 certificate intalled in a certificate store on a remote machine. Whilst I can access the cert store and the certificate on the remote server, I get the error "System.Security.Cryptography.CryptographicException: Keyset does not exist" when I call the PrivateKey property of the X509Certificate2 object. I have been through answers given for this error but none of them seem to work for me. I have verified that the user calling my code has

问题 I'm using this little class which returns me a pfx file in byte array. Server side: byte[] serverCertificatebyte; var date = new DateTime(DateTime.Today.Year, DateTime.Today.Month, DateTime.Today.Day); serverCertificatebyte = Certificate.CreateSelfSignCertificatePfx("CN=RustBuster" + RandomString(5), date, date.AddDays(7)); Then I send It to the client (length: 1654): tcpClient.GetStream().Write(serverCertificatebyte , 0, serverCertificatebyte .Length); Once the client read It, I would like

问题 I need to write a function in javascript (forge) that get a thumbnail of a pfx certificate. I created a test certificate(mypfx.pfx). By using c# X509Certificate2 library, I can see thumbprint of input certificate in X509Certificate2 object by passing file bytes array and password. Here is c# code snippet: X509Certificate2 certificate = new X509Certificate2(byteArrayCertData, password); var thumbprint = certificate.Thumbprint; //thumbprint is a hex encoding SHA-1 hash But when I am trying to

问题 I'm facing some issue with 2-way ssl configuration in .Net. Somehow, when I create X509Certificate2 object using .cer file and password in the constructor, the password is ignored (I gave wrong password and it worked - the response was successfully returned). In the other hand, when I use .p12 file the behavior is as expected (wrong password causes unsuccessful result) Any ideas? Thanks. 回答1: The .cer file contains (it is the common case) only the X509 certificate in an unencrypted form. In

问题 Starting August 15 2015, the GSX webservices from Apple will be upgraded to a more secure version, requiring a clientside SSL certificate for each request. What steps do I need to take to connect to this New Generation webservice using the WCF framework with C#.NET? The documentation from Apple states the first step is to generate a CSR (Certificate Signing Request), send this to Apple and they will return a certificate to secure the future connections with. How can I generate this CSR? What

问题 I need to get a X509 Certificate by Serial Number, I have the serial number and I am looping through them and i see the serial number in the collection I need but it is never found. Here is my debug code just ot make sure I am seeing the proper serial numbers: X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); foreach (X509Certificate2 cert in store.Certificates) { System.Web.HttpContext.Current.Response.Write (cert.SerialNumber + "=" +

问题 Question when running the following code: X509Certificate2 cert = new X509Certificate2(@"C:\file.p12", "password", X509KeyStorageFlags.Exportable); RSACryptoServiceProvider crypt = (RSACryptoServiceProvider)cert.PrivateKey; I get the following error: Keyset does not exist . I have not added the certificate to a store, is this required to be able to access the private key? 回答1: Add the X509KeyStorageFlags.PersistKeySet option to the last argument of the X509Certificate2 constructor. Otherwise,

问题 I am building some .net code that will run unattended on a scheduled basis on one of our servers. Part of its execution requires that it execute a Java executable which talks to some web resources and services over SSL. Java will absolutely throw a fit if it's doing something over SSL and it doesn't have every single certificate in the remote certificate's chain. So in .NET I need to be able to specify an https:// resource and need it to download the entire remote chain locally. Why do I want

问题 This question already has an answer here : KeyVault generated certificate with exportable private key (1 answer) Closed last year . I have 2 approaches to do the same thing, but Azure has deprecated the one that works, and the other method doesn't work. The approach that works, but is deprecated: I store my PFX in Azure Key Vault Secrets . (when I create the secret I see a warning stating that this feature is deprecated) and use the following code to retrieve it to create my certificate: