WCF SSL(证书篇)-01
1、MakeCert 命令 可以通过 Visual Studio 命令提示输入“ MakeCert”运行,命令主要参数介绍:(参数有很多,不一一列出,只列出我们使用的)
CMD->MMC
-n :证书的主题名称;例如 -n "CN=计算机名称" 
-pe:将生成的私钥标记可导出;
-sr:数字证书的位置(CurrentUser代表当前帐户;LocalMachine代表本机) 
-ss:证书的存储区; 
-sky: 指定密钥的类型(signature:签名密钥;exchange:交换密钥)
-r :创建自签证书
2.Form窗体 
①生成数字证书
private void CertCreate_Click(object sender, EventArgs e) { //kfsmqoo.cer 本地Bin 目录下自动生成 string param = "-sr localmachine -ss My -n \"CN=kfsmqoo\" kfsmqoo.cer -sky exchange -pe -r"; Process p = Process.Start(txt_Cert.Text, param); p.WaitForExit(); p.Close(); MessageBox.Show("创建完毕!"); }
我们来看下证书结果,注意:这个证书不在”受信任的根证书颁发机构”,所以无法使用
②导出证书
private void btn_Export_Click(object sender, EventArgs e) { //Storename.My 个人 X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates; foreach (X509Certificate2 x509 in storecollection) { if (x509.Subject == "CN=kfsmqoo") { byte[] pfxByte = x509.Export(X509ContentType.Pfx, txt_password.Text.Trim()); using (FileStream fileStream = new FileStream(Path.Combine(txt_path.Text.Trim(), "kfsmqoo.pfx"), FileMode.Create)) { // Write the data to the file, byte by byte. for (int i = 0; i < pfxByte.Length; i++) fileStream.WriteByte(pfxByte[i]); // Set the stream position to the beginning of the file. fileStream.Seek(0, SeekOrigin.Begin); // Read and verify the data. for (int i = 0; i < fileStream.Length; i++) { if (pfxByte[i] != fileStream.ReadByte()) { MessageBox.Show("Error writing data."); return; } } fileStream.Close(); MessageBox.Show("导出PFX完毕"); } } } }
看下导出结果,证书在桌面上
③导入至受信任的根证书颁发机构
private void btn_importRoot_Click(object sender, EventArgs e) { X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); X509Certificate2 x509 = new X509Certificate2(); x509.Import(Path.Combine(txt_path.Text.Trim(), "kfsmqoo.pfx"), txt_password.Text.Trim(), X509KeyStorageFlags.DefaultKeySet); store.Add(x509); store.Close(); MessageBox.Show("导入成功"); }
我们看下导入结果,这个时候证书是没有问题的.
④得到GUID
private void btn_GetGUid_Click(object sender, EventArgs e) { txt_Guid.Text = Guid.NewGuid().ToString(); }
⑤得到指纹
private void btn_GetThumbprint_Click(object sender, EventArgs e) { X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates; foreach (X509Certificate2 x509 in storecollection) { if (x509.Subject == "CN=kfsmqoo") { txt_Thumbprint.Text = x509.Thumbprint; } } }
我们看下结果,证书结果和绑定SSL的一样
⑥ SSL绑定端口
netsh 命令
netsh.exe 位于 C:\Windows\System32 目录下:
查看SSL证书的绑定: netsh> http show sslcert
将证书与端口进行绑定: netsh>http add sslcert ipport=0.0.0.0:端口号 certhash=证书的指纹 appid={创建一个新的}
删除端口绑定的证书: netsh>http delete sslcert ipport=0.0.0.0:端口
private void btn_SSLBind_Click(object sender, EventArgs e) { //txt_Thumbprint.Text=得到指纹; //txt_Guid.Text =得到GUID; string param = "netsh http add sslcert ipport=0.0.0.0:9000 certhash=" + txt_Thumbprint.Text + " appid={" + txt_Guid.Text + "}"; Process p = Process.Start(txt_netsh.Text, param); p.WaitForExit(); p.Close(); MessageBox.Show("创建完毕!"); }
我们来看下IIS下面的服务器证书
代码下载
