2016-12-14 103 views
0

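system.security.cryptography.x509certificates cannot verify

I'm facing a very strange problem: X509Certificate2.Verify() returns false for a valid certificate. Maybe someone has faced this strange case before and can shed some light on it.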

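I used makecert to generate a client certificate for testing purposes. It works fine and I can read the certificate... but the Verify function always returns false. This is the command I wrote: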

makecert -r -pe -n "client1" -b 01/01/2005 -e 01/01/2020 -sky exchange -ss certifcat 

When I write:

X509Certificate2 x509_2 = LoadCertificate(StoreLocation.CurrentUser, "client1"); 
Console.WriteLine("Verify " + x509_2.Verify()); // the output : false 

Can anybody help?

Edit: the output of certutil -verify d:\test.cer:

Issuer: 
    CN=WWW.AGGREGATEDINTELLIGENCE.COM 
    Name Hash(sha1): 553fd856f55d46239156546a1693dd5e160f0eed 
    Name Hash(md5): dec1c115101d31de7502eee9fb7e6e4b 
Subject: 
    CN=WWW.AGGREGATEDINTELLIGENCE.COM 
    Name Hash(sha1): 553fd856f55d46239156546a1693dd5e160f0eed 
    Name Hash(md5): dec1c115101d31de7502eee9fb7e6e4b 
Cert Serial Number: 8aa4007cd7a02e8045301ccb11369bb2 

dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) 
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) 
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) 
HCCE_LOCAL_MACHINE 
CERT_CHAIN_POLICY_BASE 
-------- CERT_CHAIN_CONTEXT -------- 
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) 
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) 

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) 
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) 

CertContext[0][0]: dwInfoStatus=109 dwErrorStatus=20 
    Issuer: CN=WWW.AGGREGATEDINTELLIGENCE.COM 
    NotBefore: 1/1/2005 12:00 AM 
    NotAfter: 1/1/2020 12:00 AM 
    Subject: CN=WWW.AGGREGATEDINTELLIGENCE.COM 
    Serial: 8aa4007cd7a02e8045301ccb11369bb2 
    Cert: c6388297376cfde5742b3bd2a217ba1c728bc005 
    Element.dwInfoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER (0x1) 
    Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) 
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) 
    Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) 

Exclude leaf cert: 
    Chain: da39a3ee5e6b4b0d3255bfef95601890afd80709 
Full chain: 
    Chain: c6388297376cfde5742b3bd2a217ba1c728bc005 
------------------------------------ 
Verified Issuance Policies: All 
Verified Application Policies: All 
Cannot check leaf certificate revocation status 
CertUtil: -verify command completed successfully. 

Answers

2

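Two things to consider:

  1. Stop using the deprecated makecert.exe. Instead, you should consider using the New-SelfSignedCertificate PowerShell cmdlet to generate test certificates.

  2. The problem is that the certificate is not issued by a trusted authority. You have to install a copy of the certificate to the LocalMachine\Root store.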

+0

What should I do to install a copy of the certificate to LocalMachine\Root? I followed these steps, but it didn't work: https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx – code

+0

Export your certificate to a CER file and run the following command: 'certutil -verify path\certfile.cer' and post the output in your question. – Crypt32

+0

I did what you asked and the output is in my question above... but when I run the project, Verify gives me false – code
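
Verify() only returns a boolean, so the reason for a failure is easier to see by building the chain explicitly and printing its status flags; UntrustedRoot is the .NET name for the CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) status in the certutil output above. This is an added example, not code from the question or the answers. It assumes .NET 5 or later (for X509ChainPolicy.TrustMode); the Explain helper and the in-memory CN=client1 certificate are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class VerifyDiagnostics
{
    // Hypothetical helper: builds a chain and prints every status flag.
    // Revocation checking is turned off (unlike the default policy) because
    // the constructed test certificate publishes no CRL.
    static bool Explain(X509Certificate2 cert, Action<X509ChainPolicy> configure = null)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            configure?.Invoke(chain.ChainPolicy);

            bool ok = chain.Build(cert);
            Console.WriteLine("Build returned " + ok);
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  " + s.Status + ": " + s.StatusInformation?.Trim());
            return ok;
        }
    }

    static void Main()
    {
        // Constructed sample: a self-signed certificate created in memory.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=client1", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            {
                // 1) Default trust: the self-signed cert is its own root and
                //    that root is not in any trusted store.
                Explain(cert);

                // 2) Test-only trust: anchor this one chain build on the test
                //    certificate instead of adding it to LocalMachine\Root.
                Explain(cert, p =>
                {
                    p.TrustMode = X509ChainTrustMode.CustomRootTrust;
                    p.CustomTrustStore.Add(cert);
                });
            }
        }
    }
}
```

CustomRootTrust limits the trust decision to the chain being built, whereas a certificate placed in LocalMachine\Root becomes a trust anchor for every application on the machine.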