system.security.cryptography.x509certificates fails to verify

Problem description:

Facing a very strange problem: X509Certificate2.Verify() returns false for a valid certificate. Maybe someone has faced this strange situation before and can shed some light on it.

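I used makecert to generate a client certificate for testing purposes. It works fine and I can read the certificate... but the Verify function always returns false. This is the command I wrote: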

makecert -r -pe -n "client1" -b 01/01/2005 -e 01/01/2020 -sky exchange -ss certifcat 

When I write:

X509Certificate2 x509_2 = LoadCertificate(StoreLocation.CurrentUser, "client1"); 
Console.WriteLine("Verify " + x509_2.Verify()); // the output : false 

Can anybody help?

Edit: the output of certutil -verify d:\test.cer:

Issuer: 
    CN=WWW.AGGREGATEDINTELLIGENCE.COM 
    Name Hash(sha1): 553fd856f55d46239156546a1693dd5e160f0eed 
    Name Hash(md5): dec1c115101d31de7502eee9fb7e6e4b 
Subject: 
    CN=WWW.AGGREGATEDINTELLIGENCE.COM 
    Name Hash(sha1): 553fd856f55d46239156546a1693dd5e160f0eed 
    Name Hash(md5): dec1c115101d31de7502eee9fb7e6e4b 
Cert Serial Number: 8aa4007cd7a02e8045301ccb11369bb2 

dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) 
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) 
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) 
HCCE_LOCAL_MACHINE 
CERT_CHAIN_POLICY_BASE 
-------- CERT_CHAIN_CONTEXT -------- 
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) 
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) 

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) 
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) 

CertContext[0][0]: dwInfoStatus=109 dwErrorStatus=20 
    Issuer: CN=WWW.AGGREGATEDINTELLIGENCE.COM 
    NotBefore: 1/1/2005 12:00 AM 
    NotAfter: 1/1/2020 12:00 AM 
    Subject: CN=WWW.AGGREGATEDINTELLIGENCE.COM 
    Serial: 8aa4007cd7a02e8045301ccb11369bb2 
    Cert: c6388297376cfde5742b3bd2a217ba1c728bc005 
    Element.dwInfoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER (0x1) 
    Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) 
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) 
    Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20) 

Exclude leaf cert: 
    Chain: da39a3ee5e6b4b0d3255bfef95601890afd80709 
Full chain: 
    Chain: c6388297376cfde5742b3bd2a217ba1c728bc005 
------------------------------------ 
Verified Issuance Policies: All 
Verified Application Policies: All 
Cannot check leaf certificate revocation status 
CertUtil: -verify command completed successfully. 

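Two things to consider:

  1. Stop using the deprecated makecert.exe. Instead, you should consider using the New-SelfSignedCertificate PowerShell cmdlet to generate test certificates.

  2. The problem is that the certificate is not issued by a trusted authority. You have to install a copy of the certificate into the LocalMachine\Root store.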

+0

What should I do to install a copy of the certificate into LocalMachine\Root? I followed these steps, but it did not work: https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx – code

+0

Export your certificate to a CER file and run the following command: 'certutil -verify path\certfile.cer' and post the output in your question. – Crypt32

+0

I did what you asked and the output is in my question above... but when I run the project, Verify gives me false – code
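
Verify() only returns a boolean, so the reason for a failure has to be read from an explicitly built chain, the same information certutil reports above as CERT_TRUST_IS_UNTRUSTED_ROOT. The following is an added example, not code from the thread: the class and method names are hypothetical, and a throwaway self-signed certificate (constructed in memory, subject "CN=client1") stands in for the questioner's LoadCertificate helper.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class VerifyDiagnostics   // hypothetical name, for illustration only
{
    // Build the chain explicitly and return every status flag it reports.
    public static X509ChainStatus[] Explain(X509Certificate2 cert)
    {
        using (var chain = new X509Chain())
        {
            // Skip revocation so only the trust decision is examined here.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.Build(cert);
            return chain.ChainStatus;
        }
    }

    // True if a certificate with the same thumbprint is present in the given store.
    public static bool IsInStore(X509Certificate2 cert, StoreName name, StoreLocation location)
    {
        using (var store = new X509Store(name, location))
        {
            store.Open(OpenFlags.ReadOnly);
            return store.Certificates
                        .Find(X509FindType.FindByThumbprint, cert.Thumbprint, false)
                        .Count > 0;
        }
    }

    static void Main()
    {
        // Constructed sample: a self-signed test certificate that exists only in memory.
        using (var rsa = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=client1", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            {
                Console.WriteLine("Verify: " + cert.Verify());
                foreach (X509ChainStatus status in Explain(cert))
                    Console.WriteLine("  " + status.Status + ": " + status.StatusInformation.Trim());
                Console.WriteLine("In LocalMachine\\Root: "
                    + IsInStore(cert, StoreName.Root, StoreLocation.LocalMachine));
                Console.WriteLine("In CurrentUser\\Root: "
                    + IsInStore(cert, StoreName.Root, StoreLocation.CurrentUser));
            }
        }
    }
}
```

If a self-signed test certificate is placed in a Root store to make the chain build, that store entry is trusted for everything on the machine, so it belongs only on a test system and should be removed afterwards.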