C# - 每次重新颁发 SSL 证书时都需要更改应用程序中的序列号

C# - every time SSL cert is reissued it requires to change serial number in application

我正在使用以下代码在 C# web API 中配置 SSL 证书。问题是我正在使用序列号查找 SSL 证书,每次 Infra 重新颁发 SSL 证书时,我都必须更新应用程序配置中的证书序列号。是否有任何证书 属性 在重新发布后保持不变?

X509Store store = new X509Store(StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);    
X509Certificate2Collection certificates = store.Certificates.Find(
                                                X509FindType.FindBySerialNumber,
                                                sslCertificateSerialNumber,
                                                false);

'sslCertificateSerialNumber' 来自配置文件

你可以使用 findBySubjectName 它更有用。如果你有多个主题,你可以这样做:

        X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
        foreach (X509Certificate2 x509 in collection)
        {
            if (x509.Thumbprint == "5550541D10488D148BCAC0D289DED441609849FF")
            {
                client.ClientCredentials.ClientCertificate.SetCertificate(
                 x509.SubjectName.Name, store.Location, StoreName.TrustedPeople);
            }
        }