要为IIS开启https访问,需要先生成一个证书,找了找用openssl.net最省事,代码如下:
-
- RSA rsa = new RSA();
- BigNumber number = OpenSSL.Core.Random.Next(10, 10, 1);
- rsa.GenerateKeys(1024, number, null, null);
- CryptoKey key = new CryptoKey(rsa);
-
-
- X509Certificate x509 = new X509Certificate();
- x509.SerialNumber = (int)DateTime.Now.Ticks;
- x509.Subject = new X509Name("CN=DOMAIN");
- x509.Issuer = new X509Name("CN=DOMAIN");
- x509.PublicKey = key;
- x509.NotBefore = Convert.ToDateTime("2011-1-1");
- x509.NotAfter = Convert.ToDateTime("2050-1-1");
- x509.Version = 2;
-
-
- x509.Sign(key, MessageDigest.MD5);
-
-
- BIO x509bio = BIO.File("C:\\CA.crt", "w");
- x509.Write(x509bio);
-
-
- var certs = new OpenSSL.Core.Stack<X509Certificate>();
- PKCS12 p12 = new PKCS12("PASSWORD", key, x509, certs);
- BIO p12Bio = BIO.File("C:\\CA.pfx", "w");
- p12.Write(p12Bio);
-
-
- rsa.Dispose();
- x509.Dispose();
- x509bio.Dispose();
- p12.Dispose();
- p12Bio.Dispose();
注意生成pfx时,证书链必须是空的,不能把自己加进去,否则证书看起来虽然没问题,但是绑定到iis时会出错。
本文转自 BoyTNT 51CTO博客,原文链接:http://blog.51cto.com/boytnt/774885,如需转载请自行联系原作者