在 c# 上生成 x509 证书未返回预期结果
Generate x509 certificate on c# not returning expected result
我正在使用 .net 6.0 和 .net 核心,我想创建 x509 证书并将其与 k8s c# 客户端一起使用。
为了创建 x509 证书,我有这样的方法:
public static byte[] GenerateCertificate(string name)
{
var sanBuilder = new SubjectAlternativeNameBuilder();
sanBuilder.AddIpAddress(IPAddress.Loopback);
sanBuilder.AddIpAddress(IPAddress.IPv6Loopback);
sanBuilder.AddDnsName("localhost");
sanBuilder.AddDnsName(Environment.MachineName);
var distinguishedName = new X500DistinguishedName(name);
using var rsa = RSA.Create(4096);
var request = new CertificateRequest(distinguishedName, rsa, HashAlgorithmName.SHA256,RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature , false));
request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new ("1.3.6.1.5.5.7.3.1") }, false));
request.CertificateExtensions.Add(sanBuilder.Build());
request.CreateSelfSigned(new DateTimeOffset(DateTime.UtcNow.AddDays(-1)), new DateTimeOffset(DateTime.UtcNow.AddDays(3650)));
var csr = request.CreateSigningRequest();
return csr;
}
我期待在 k8s 上生成证书的结果是这样的:
-----BEGIN CERTIFICATE REQUEST-----
certificate code long code
-----END CERTIFICATE REQUEST-----
如何设法得到这样的结果?
您正在寻找 PEM 格式,但函数提供了 DER。
"To convert the return value to PEM format, make a string consisting of -----BEGIN CERTIFICATE REQUEST-----, a newline, the Base-64-encoded representation of the request (by convention, linewrapped at 64 characters), a newline, and -----END CERTIFICATE REQUEST-----."
所以你需要的是
return
"-----BEGIN CERTIFICATE REQUEST-----\r\n" +
Convert.ToBase64String(csr) +
"\r\n-----END CERTIFICATE REQUEST-----";
您还需要将函数更改为 return string。如果你想 return 它作为 byte 你需要决定一个编码。例如,您可以 return Encoding.UTF8.GetBytes(base64Request);
我正在使用 .net 6.0 和 .net 核心,我想创建 x509 证书并将其与 k8s c# 客户端一起使用。
为了创建 x509 证书,我有这样的方法:
public static byte[] GenerateCertificate(string name)
{
var sanBuilder = new SubjectAlternativeNameBuilder();
sanBuilder.AddIpAddress(IPAddress.Loopback);
sanBuilder.AddIpAddress(IPAddress.IPv6Loopback);
sanBuilder.AddDnsName("localhost");
sanBuilder.AddDnsName(Environment.MachineName);
var distinguishedName = new X500DistinguishedName(name);
using var rsa = RSA.Create(4096);
var request = new CertificateRequest(distinguishedName, rsa, HashAlgorithmName.SHA256,RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature , false));
request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new ("1.3.6.1.5.5.7.3.1") }, false));
request.CertificateExtensions.Add(sanBuilder.Build());
request.CreateSelfSigned(new DateTimeOffset(DateTime.UtcNow.AddDays(-1)), new DateTimeOffset(DateTime.UtcNow.AddDays(3650)));
var csr = request.CreateSigningRequest();
return csr;
}
我期待在 k8s 上生成证书的结果是这样的:
-----BEGIN CERTIFICATE REQUEST-----
certificate code long code
-----END CERTIFICATE REQUEST-----
如何设法得到这样的结果?
您正在寻找 PEM 格式,但函数提供了 DER。
"To convert the return value to PEM format, make a string consisting of
-----BEGIN CERTIFICATE REQUEST-----, a newline, the Base-64-encoded representation of the request (by convention, linewrapped at 64 characters), a newline, and-----END CERTIFICATE REQUEST-----."
所以你需要的是
return
"-----BEGIN CERTIFICATE REQUEST-----\r\n" +
Convert.ToBase64String(csr) +
"\r\n-----END CERTIFICATE REQUEST-----";
您还需要将函数更改为 return string。如果你想 return 它作为 byte 你需要决定一个编码。例如,您可以 return Encoding.UTF8.GetBytes(base64Request);