Client certs without using the keystore

梦想的初衷 提交于 2020-01-23 13:15:47

问题


I'm trying to figure out if there is any way to have a .NET client use a client certificate without involving the Windows keystore in any way.

I have a code snippet like this:

test1.Service s = new test1.Service();
X509Certificate c = X509Certificate.CreateFromCertFile(@"C:\test.pem");
s.ClientCertificates.Add(c);
int result = s.TestMethod();

However, this only works if I also have the certificate referenced in "test.pem" installed in my certificate store. I assume this is because the key is necessary for the negotiation. If I don't have the cert/key in the store, the cert is not sent with the request.

What I want to do is be able to provide both the certificate and private key from a file or files and not involve the Windows certificate store in any way.

Is there any way to do this?


回答1:


I'm going to post an answer to my own post, but will leave it open to see if others can solve it different.

Basically, I'm punting. If you have a PKCS12 file (with both key and cert in it) you can use the X509Certificate2 class to load that file and use it, and it won't interrogate the keystore.

I could not find a way to do this with flat PEM key and cert files (like what you'd need with Python, for example).



来源:https://stackoverflow.com/questions/473494/client-certs-without-using-the-keystore

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!