How to check whether an SSL certificate is installed
Updated: 2023-09-27 18:00:42
I use this code to install a self-signed certificate (the user must confirm the installation).

    // Constructor
    public MainPage()
    {
        this.Loaded += new RoutedEventHandler(MainPage_Loaded);
    }

    private async void MainPage_Loaded(object sender, RoutedEventArgs e)
    {
        try
        {
            StorageFolder packageLocation = Windows.ApplicationModel.Package.Current.InstalledLocation;
            StorageFolder certificateFolder = await packageLocation.GetFolderAsync("Certificates");
            StorageFile certificate = await certificateFolder.GetFileAsync("myCer.cer");
            await Launcher.LaunchFileAsync(certificate);
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message.ToString());
        }
    }

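Is it possible to check whether the certificate is already installed, so that I don't have to install it every time the application starts?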
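Certificates can be compared in many ways, but the two most common are:
- By thumbprint
  - Cryptographic hash of the public key
  - Computed on request; not stored in the certificate
  - Unique across all certificates
  - Difficult to forge when a collision-resistant hash algorithm is used (http://en.wikipedia.org/wiki/Preimage_attack)
- By serial number and issuer
  - Must be unique when using PKI
  - No computation needed, so faster to compare
  - Can only be trusted when chain trust is validated. An attacker can generate a self-signed certificate with a chosen serial number and issuer name
In code: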

    X509Certificate cert1 = /* your cert */;
    X509Certificate cert2 = /* your other cert */;

    // assuming you are validating pki chain
    // X509Certificate compares the serial number and issuer
    bool matchUsingSerialAndIssuer = cert1.Equals(cert2);

    // otherwise
    bool publicKeyIsIdentical = cert1.GetCertHashString() == cert2.GetCertHashString();

    // or easier to read if using X509Certificate2 (Thumbprint calls GetCertHashString)
    // bool publicKeyIsIdentical = cert1.Thumbprint == cert2.Thumbprint;

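Why not try something like this to look up the certificate? Also include this namespace in your project: System.Security.Cryptography.X509Certificates. If you can't use X509, you can change the code below to use a different type for the certificate.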

    using System.Security.Cryptography.X509Certificates;

    private static X509Certificate2 GetCertificateFromStore(string certSN)
    {
        X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection col = store.Certificates;
            foreach (var currCert in col)
            {
                // SerialNumber is returned as an upper-case hex string
                var currSN = currCert.SerialNumber;
                if (certSN.ToUpperInvariant() == currSN)
                {
                    return currCert; // you found it, return it
                }
            }
            return null; // you didn't find it, now install it...
        }
        finally
        {
            store.Close();
        }
    }
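
The following is an added example, not code from either answer above. It contrasts the serial-and-issuer comparison with a fingerprint lookup when deciding whether the shipped certificate is already installed. It assumes a .NET Core 2.0+ / .NET 5+ console program rather than the phone app in the question; the names InstalledCertCheck, MakeSelfSigned, Fingerprint and IsInstalled, the subject "CN=Example App CA" and the serial bytes are constructed for illustration, and the in-memory collection stands in for store.Certificates.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class InstalledCertCheck
{
    // Constructed sample: a self-signed certificate with a caller-chosen serial number.
    static X509Certificate2 MakeSelfSigned(string subject, byte[] serial)
    {
        using (RSA key = RSA.Create(2048))
        {
            var name = new X500DistinguishedName(subject);
            var req = new CertificateRequest(name, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            var signer = X509SignatureGenerator.CreateForRSA(key, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            return req.Create(name, signer, now.AddDays(-1), now.AddDays(30), serial);
        }
    }

    // SHA-256 over the DER encoding; X509Certificate2.Thumbprint is SHA-1 over the same bytes.
    static string Fingerprint(X509Certificate2 cert)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");
    }

    // True only if a certificate with exactly these bytes is in the collection.
    static bool IsInstalled(X509Certificate2Collection installed, string expected)
    {
        foreach (X509Certificate2 c in installed)
            if (string.Equals(Fingerprint(c), expected, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    static void Main()
    {
        byte[] serial = { 0x01, 0x23, 0x45 };                       // constructed value
        X509Certificate2 shipped = MakeSelfSigned("CN=Example App CA", serial);
        X509Certificate2 other = MakeSelfSigned("CN=Example App CA", serial); // new key pair

        // Stands in for store.Certificates after store.Open(OpenFlags.ReadOnly).
        var installed = new X509Certificate2Collection(other);
        Console.WriteLine("issuer+serial equal: " + shipped.Equals(other));
        Console.WriteLine("fingerprint found:   " + IsInstalled(installed, Fingerprint(shipped)));
        installed.Add(shipped);
        Console.WriteLine("after install:       " + IsInstalled(installed, Fingerprint(shipped)));
    }
}
```

In an application, the expected fingerprint would be computed from the .cer file shipped in the package and compared against the certificates read from the opened store.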