windows 没有makecert的Windows中的自签名证书?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/187588/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Self Signed Certificate in Windows without makecert?
提问by Steve Wranovsky
We have a shrink wrap type Windows server application where we need to create a self signed certificate on the server to be used by some WCF web services. From our searches on the web, it appears that the makecert utility in the PlatformSDK from Microsoft cannot be distributed with our application, so we're looking for alternatives.
我们有一个收缩包装类型的 Windows 服务器应用程序,我们需要在服务器上创建一个自签名证书以供某些 WCF Web 服务使用。从我们在网络上的搜索来看,Microsoft PlatformSDK 中的 makecert 实用程序似乎无法与我们的应用程序一起分发,因此我们正在寻找替代方案。
Does anyone know how to use OpenSSL to create a certificate and get it into the Windows LocalMachine certificate store? Or, alternatively is it straight forward to insert the certificate into the store in a .NET application and should we just create the certificate file with openssl? Any help/suggestions would be appreciated.
有谁知道如何使用 OpenSSL 创建证书并将其放入 Windows LocalMachine 证书存储区?或者,是否可以直接将证书插入 .NET 应用程序的存储中,我们是否应该只使用 openssl 创建证书文件?任何帮助/建议将不胜感激。
采纳答案by Naveen
[Unfortunately, I can't comment on anything yet, so I'll post this as an answer.]
[不幸的是,我还不能对任何事情发表评论,所以我会将此作为答案发布。]
I see that this post is a bit old, but I'm in a similar boat and I found this in the Visual Studio 2008 redist.txt file:
我看到这篇文章有点旧,但我在类似的船上,我在 Visual Studio 2008 redist.txt 文件中找到了这个:
Windows SDK Files
Subject to the license terms for the software, the following files may be distributed unmodified:
MageUI.exe
Mage.exe
Makecert.exe
Not sure if something has changed (and if my interpretation is correct), but it looks like makecert.exe included as part of the Windows SDK, which is in-turn included as part of the VS2008 install can actually be redistributed.
不确定是否发生了某些变化(以及我的解释是否正确),但看起来 makecert.exe 作为 Windows SDK 的一部分包含在内,而它又作为 VS2008 安装的一部分包含在内,实际上可以重新分发。
回答by Vishal
You can now Create Self Signed Certificates with PowerShell The commands you need are New-SelfSignedCertificate and Export-PfxCertificate. Ex: to create a certificate
您现在可以使用 PowerShell 创建自签名证书您需要的命令是 New-SelfSignedCertificate 和 Export-PfxCertificate。例如:创建证书
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname orin.windowsitpro.internal
to export it
导出它
Export-PfxCertificate -cert cert:\localMachine\my\CE0976529B02DE058C9CB2C0E64AD79DAFB18CF4 -FilePath e:\temp\cert.pfx -Password $pwd
This link is really helpful
这个链接真的很有帮助
https://www.itprotoday.com/powershell/creating-self-signed-certificates-powershell
https://www.itprotoday.com/powershell/creating-self-signed-certificates-powershell
回答by anon
One alternative for programmatically generating certificates is Bouncy Castle's C#-version. http://www.bouncycastle.org/csharp/
以编程方式生成证书的一种替代方法是 Bouncy Castle 的 C# 版本。 http://www.bouncycastle.org/csharp/
回答by blowdart
Woohoo! It's time for pinvoke for you
呜呼!是时候为你打电话了
crypt32 provides a CertCreateSelfSignCertificatefunction; if that succeeds you can store it in the user's personal store (or the machine store assuming you're working elevated)
crypt32 提供了一个CertCreateSelfSignCertificate函数;如果成功,您可以将其存储在用户的个人存储中(或假设您正在高架工作的机器存储中)
回答by Mike L
I haven't used OpenSSL, but I'm in the same boat and have found this article helpful:
我没有使用过 OpenSSL,但我在同一条船上,发现这篇文章很有帮助:
Securing WCF Services with Certificates
The author walks you through installing Microsoft Certificate Services, creating a CA that can be added to the trusted certificate authorities (on both client and server, since it's self signed), then generating client and server certificates that chain from the self-signed CA cert.
作者将引导您安装 Microsoft 证书服务,创建可以添加到受信任证书颁发机构的 CA(在客户端和服务器上,因为它是自签名的),然后生成从自签名 CA 证书链接的客户端和服务器证书.
You won't need the client certs, but it does help you to create a self-signed CA and server cert.
您不需要客户端证书,但它确实可以帮助您创建自签名 CA 和服务器证书。
