如何使用 Mono.Security 设置 X509 SubjectAltName (SAN)？

Question

Chrome 58 弃用省略主题备用名称 (SAN) 的自签名证书。我使用 Mono.Security.X509 X509CertificateBuilder() 为 'localhost' 上的 Windows OWIN 服务创建证书，使浏览器能够与 TWAIN 扫描仪通信。该证书目前仅设置通用名称，因此不足以 Chrome 58.

使用 Mono.Security.X509 创建使 Chrome 能够与本地主机上的 OWIN 服务通信的自签名证书的正确方法是什么？

    RSA subjectKey = new RSACryptoServiceProvider(2048);

    X509CertificateBuilder cb = new X509CertificateBuilder(3);
    cb.SerialNumber = GenerateSerialNumber();
    cb.IssuerName = "CN=localhost";
    cb.NotBefore = notBefore;
    cb.NotAfter = notAfter;
    cb.SubjectName = "CN=localhost";
    cb.SubjectPublicKey = subjectKey;
    cb.Hash = "SHA256";

    byte[] rawcert = cb.Sign(subjectKey);
    PKCS12 p12 = new PKCS12();
    p12.Password = password;

    Hashtable attributes = GetAttributes();
    p12.AddCertificate(new X509Certificate(rawcert), attributes);
    p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);

    return p12.GetBytes();

Answer 1

var san = new SubjectAltNameExtension(new string[0], new string[1] { "localhost" }, new string[0], new string[0]); 
cb.Extensions.Add(san);

我在 Jexus Manager 中对此进行了测试，

https://github.com/jexuswebserver/JexusManager/blob/master/JexusManager.Features.Certificates/SelfCertificateDialog.cs