我使用BouncyCastle来生成证书请求:
但是,我不明白该如何将它附加到请求中。
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using System.IO;
class Program {
static void Main(string[] args) {
var keyGenerator = new RsaKeyPairGenerator();
keyGenerator.Init(
new KeyGenerationParameters(
new SecureRandom(new CryptoApiRandomGenerator()),
2048));
var keyPair = keyGenerator.GenerateKeyPair();
X509Name name = new X509Name("CN=test");
Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest("SHA256WITHRSA", name, keyPair.Public, null, keyPair.Private);
using (FileStream fs = new FileStream(@"X:\tmp\tmp.csr", FileMode.Create)) {
var req = csr.GetDerEncoded();
fs.Write(req, 0, req.Length);
}
}
}
我应该如何在请求中指定证书模板?
注意:解码使用certutil
创建的证书控制台请求时,看起来证书模板应该是请求的扩展;我已经尝试相应地创建了一个扩展:
var extGen = new Org.BouncyCastle.Asn1.X509.X509ExtensionsGenerator();
extGen.AddExtension(
new DerObjectIdentifier("1.3.6.1.4.1.311.21.7"), // OID for certificate template extension
true,
new DerObjectIdentifier("1.3.6.1.4.1.311.21.8.the.OID.of.the.template"));
但是,我不明白该如何将它附加到请求中。