Digital Certificate Creation Tool
This is a custom-developed digital certificate generation tool.

Introduction
This is a custom-developed digital certificate generation tool. It lets the user select the root certificate details (PVK and CER files) and customize the validity period. The tool also lets you browse a certificate store and view the properties of a selected certificate; a context menu on those properties copies any property to the clipboard.
Using the Code
The tool is fully customizable for creating digital certificates.
The current version accepts a number of parameters, including the root certificate details, to create a new certificate.
The application must be run with administrator rights. Once it starts, the main window appears and lets you set a few parameters. The current version is tailored to my own use; you can add more options.
//
// The tool uses the .NET Process class to run the makecert command line.
// sCommand holds the path to makecert.exe; sArguments and sbOutPutFile hold the
// options built from the form and the output certificate file name.
//
Process p = new Process();
p.StartInfo.UseShellExecute = false;
// Redirect the output stream of the child process.
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.ErrorDialogParentHandle = this.Handle;
p.StartInfo.FileName = sCommand;
p.StartInfo.Arguments = sArguments + sbOutPutFile.ToString();
p.StartInfo.CreateNoWindow = true;
p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
p.Start();
// Read the redirected output before waiting; otherwise a full output buffer
// can block the child process and the tool never returns.
string output = p.StandardOutput.ReadToEnd();
p.WaitForExit();
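The snippet above concatenates the makecert options straight from the form fields into one argument string. The following added example (my code, not the article's) builds that string from typed options with a whitelist on every value, so a subject name or file path entered in the form cannot append extra options, and runs the process with a timeout, captured stderr and an exit-code result. The option names mirror the makecert syntax listed below; the class and member names (MakeCertRunner, Options, Run) are my own.

```csharp
using System;
using System.Diagnostics;
using System.Globalization;
using System.Text;
using System.Text.RegularExpressions;

// Added example (not the article's code). Builds the makecert argument string
// from typed options instead of concatenating raw form input, and runs the
// process with captured output, a timeout and an exit-code check.
public static class MakeCertRunner
{
    // Characters permitted in a value that reaches the command line. Quotes,
    // ampersands, pipes and similar are rejected so a value cannot add
    // options or a second command. A trailing backslash is also rejected
    // because "C:\dir\" would escape the closing quote.
    private static readonly Regex SafeValue =
        new Regex(@"^[A-Za-z0-9 ._:=,\\/-]*[A-Za-z0-9 ._:=,/-]$");

    public sealed class Options
    {
        public string SubjectKeyContainer;            // -sk
        public string SubjectName;                    // -n  (e.g. "CN=ABCSIT")
        public string IssuerPvkFile;                  // -iv
        public string IssuerCertFile;                 // -ic
        public string StoreLocation = "localmachine"; // -sr
        public string StoreName = "my";               // -ss
        public bool ExportablePrivateKey;             // -pe
        public DateTime? ValidTo;                     // -e  (mm/dd/yyyy)
        public string SignatureAlgorithm = "sha256";  // -a  (makecert's default is sha1)
        public int KeyLength = 2048;                  // -len
        public string OutputFile;                     // [outputCertificateFile]
    }

    public static string BuildArguments(Options o)
    {
        var sb = new StringBuilder();
        Append(sb, "-sk", o.SubjectKeyContainer);
        Append(sb, "-n", o.SubjectName);
        Append(sb, "-iv", o.IssuerPvkFile);
        Append(sb, "-ic", o.IssuerCertFile);
        Append(sb, "-sr", o.StoreLocation);
        Append(sb, "-ss", o.StoreName);
        sb.Append("-sky exchange ");
        if (o.ExportablePrivateKey) sb.Append("-pe ");
        Append(sb, "-a", o.SignatureAlgorithm);
        Append(sb, "-len", o.KeyLength.ToString(CultureInfo.InvariantCulture));
        if (o.ValidTo.HasValue)
        {
            if (o.ValidTo.Value <= DateTime.Now)
                throw new ArgumentException("Validity end date must be in the future.");
            Append(sb, "-e", o.ValidTo.Value.ToString("MM/dd/yyyy", CultureInfo.InvariantCulture));
        }
        if (!string.IsNullOrEmpty(o.OutputFile)) sb.Append(Quote(o.OutputFile));
        return sb.ToString().TrimEnd();
    }

    private static void Append(StringBuilder sb, string flag, string value)
    {
        if (string.IsNullOrEmpty(value)) return;
        sb.Append(flag).Append(' ').Append(Quote(value)).Append(' ');
    }

    private static string Quote(string value)
    {
        if (!SafeValue.IsMatch(value))
            throw new ArgumentException("Unsafe characters in makecert argument: " + value);
        return "\"" + value + "\"";
    }

    // Runs makecert and returns its exit code and combined output. stderr is
    // drained asynchronously while stdout is read, which avoids the deadlock
    // that occurs when a redirected stream fills its buffer.
    public static Tuple<int, string> Run(string makeCertPath, Options o, int timeoutMs = 60000)
    {
        var psi = new ProcessStartInfo(makeCertPath, BuildArguments(o))
        {
            UseShellExecute = false,
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            CreateNoWindow = true
        };
        var stderr = new StringBuilder();
        using (Process p = Process.Start(psi))
        {
            p.ErrorDataReceived += (s, e) => { if (e.Data != null) stderr.AppendLine(e.Data); };
            p.BeginErrorReadLine();
            string stdout = p.StandardOutput.ReadToEnd();
            if (!p.WaitForExit(timeoutMs))
            {
                p.Kill();
                throw new TimeoutException("makecert did not finish within " + timeoutMs + " ms");
            }
            p.WaitForExit(); // flush pending ErrorDataReceived callbacks
            return Tuple.Create(p.ExitCode, stdout + stderr);
        }
    }
}
```

A call such as MakeCertRunner.Run(@"C:\path\to\makecert.exe", new MakeCertRunner.Options { SubjectKeyContainer = "ABCSIT", SubjectName = "CN=ABCSIT", IssuerPvkFile = "HCAWRoot.pvk", IssuerCertFile = "HCAWRoot.cer", ExportablePrivateKey = true, ValidTo = new DateTime(2014, 3, 21) }) produces the same option set as the sample command shown in the MakeCert section, with sha256 and a 2048-bit key added explicitly because makecert's own defaults are sha1 and a shorter key.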
MakeCert
The syntax is shown below, and the accompanying source code lets you add or customize any parameter.
Usage: MakeCert [ basic|extended options] [outputCertificateFile]
Basic Options
-sk <keyName> Subject's key container name; To be created if not present
-pe Mark generated private key as exportable
-ss <store> Subject's certificate store name that stores the output
certificate
-sr <location> Subject's certificate store location.
<CurrentUser|LocalMachine>. Default to 'CurrentUser'
-# <number> Serial Number from 1 to 2^31-1. Default to be unique
-$ <authority> The signing authority of the certificate
<individual|commercial>
-n <X509name> Certificate subject X500 name (eg: CN=Fred Dews)
-? Return a list of basic options
-! Return a list of extended options
Extended Options
-tbs <file> Certificate or CRL file to be signed
-sc <file> Subject's certificate file
-sv <pvkFile> Subject's PVK file; To be created if not present
-ic <file> Issuer's certificate file
-ik <keyName> Issuer's key container name
-iv <pvkFile> Issuer's PVK file
-is <store> Issuer's certificate store name.
-ir <location> Issuer's certificate store location
<CurrentUser|LocalMachine>. Default to 'CurrentUser'
-in <name> Issuer's certificate common name.(eg: Fred Dews)
-a <algorithm> The signature algorithm
<md5|sha1|sha256|sha384|sha512>. Default to 'sha1'
-ip <provider> Issuer's CryptoAPI provider's name
-iy <type> Issuer's CryptoAPI provider's type
-sp <provider> Subject's CryptoAPI provider's name
-sy <type> Subject's CryptoAPI provider's type
-iky <keytype> Issuer key type
<signature|exchange|<integer>>.
-sky <keytype> Subject key type
<signature|exchange|<integer>>.
-l <link> Link to the policy information (such as a URL)
-cy <certType> Certificate types
<end|authority>
-b <mm/dd/yyyy> Start of the validity period; default to now.
-m <number> The number of months for the cert validity period
-e <mm/dd/yyyy> End of validity period; defaults to 2039
-h <number> Max height of the tree below this cert
-len <number> Generated Key Length (Bits)
-r Create a self signed certificate
-nscp Include Netscape client auth extension
-crl Generate a CRL instead of a certificate
-eku <oid[<,oid>]> Comma separated enhanced key usage OIDs
-? Return a list of basic options
-! Return a list of extended options
Please find below a sample makecert command:
makecert -sk ABCSIT -iv HCAWRoot.pvk -n "CN=ABCSIT" -ic HCAWRoot.cer -sr localmachine -ss my -sky exchange -pe -e 03/21/2014
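The sample command issues an end-entity certificate for CN=ABCSIT signed by the HCAWRoot root, with an exchange key, an exportable private key and an explicit end date. As an added example that is not part of the article, the same issuance can be done without makecert through the managed CertificateRequest API (System.Security.Cryptography.X509Certificates, available in .NET Framework 4.7.2 and .NET Core 2.0 or later). This is a swapped-in technique, not the tool's own code: it assumes the root is available as an X509Certificate2 that carries its private key (for example loaded from a PFX, since a .pvk/.cer pair cannot be loaded by the managed API directly), and the class and method names (ManagedIssuer, IssueClientCertificate, AddToLocalMachineMyStore) are my own.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not the article's code): managed equivalent of
//   makecert -n "CN=ABCSIT" -iv/-ic <root> -sky exchange -pe -e <date> -sr localmachine -ss my
public static class ManagedIssuer
{
    public static X509Certificate2 IssueClientCertificate(
        X509Certificate2 root, string subjectName, DateTimeOffset notAfter, bool exportable)
    {
        if (!root.HasPrivateKey)
            throw new ArgumentException("Root certificate must carry its private key to sign.");
        if (notAfter <= DateTimeOffset.UtcNow)
            throw new ArgumentException("Expiry must be in the future.");
        // Do not let the issued certificate outlive its issuer.
        DateTimeOffset rootExpiry = root.NotAfter.ToUniversalTime();
        if (notAfter > rootExpiry) notAfter = rootExpiry;

        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest(subjectName, key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // End-entity certificate, not a CA (makecert "-cy end").
            req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
            // "-sky exchange": key usable for signatures and key encipherment.
            req.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
            // Client authentication EKU (1.3.6.1.5.5.7.3.2), what "-eku" would set.
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, false));
            req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));

            // Random positive serial number (makecert "-#" defaults to a unique value too).
            byte[] serial = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(serial);
            serial[0] &= 0x7F;

            X509Certificate2 signed = req.Create(root, DateTimeOffset.UtcNow.AddMinutes(-5), notAfter, serial);
            // Create() returns the certificate without its private key; attach it.
            X509Certificate2 withKey = signed.CopyWithPrivateKey(key);
            // Re-import so the key is persisted with the requested exportability
            // (makecert "-pe"); without the Exportable flag the key cannot leave the store.
            var flags = X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet;
            if (exportable) flags |= X509KeyStorageFlags.Exportable;
            return new X509Certificate2(withKey.Export(X509ContentType.Pfx), (string)null, flags);
        }
    }

    // Equivalent of "-sr localmachine -ss my"; requires administrator rights.
    public static void AddToLocalMachineMyStore(X509Certificate2 cert)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadWrite);
            store.Add(cert);
        }
    }
}
```

Compared with the makecert command, this form forces SHA-256 and a 2048-bit key (makecert defaults to sha1), caps the validity period at the root's own expiry, and makes the key's exportability an explicit decision of the caller rather than a flag that is easy to leave on.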
The "View Certificate" button lets the user pick any certificate from the store and view its properties. This option also lets the user export the certificate in PFX format for client use.
//
// This section opens the certificate selection window (screenshot given below)
//
X509Store store = new X509Store(CertStoreName, CertStoreLocation);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection selectedCert =
    X509Certificate2UI.SelectFromCollection(store.Certificates,
        "Select Certificate",
        "Select Certificate to view details",
        X509SelectionFlag.SingleSelection, this.Handle);
store.Close();
Once the user selects one of the available certificates, the following code displays its properties.
//
//This section shows the certificate properties (Screenshot given below)
//
lblCertName.Text = Certificate.SubjectName.Name;
lblIssuer.Text = Certificate.IssuerName.Name;
lblSlNo.Text = Certificate.SerialNumber;
lblVersion.Text = Certificate.Version.ToString();
lblPrivateKey.Text = Certificate.HasPrivateKey.ToString();
lblSignAlgorithm.Text = Certificate.SignatureAlgorithm.FriendlyName;
lblThumbPrint.Text = Certificate.Thumbprint;
lblValidFrom.Text = Certificate.NotBefore.ToShortDateString();
lblValidTo.Text = Certificate.NotAfter.ToShortDateString();
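The labels above show the raw properties but say nothing about whether the certificate is actually usable. As an added example that is not part of the article, the following helper (my code; CertificateInspector and Inspect are my names) runs the checks a reviewer would apply to the same X509Certificate2: validity window, signature hash (makecert's "-a" defaults to sha1), RSA key size, presence of a private key, and whether the certificate chains to a trusted root on this machine. The returned list can be shown in the form next to the existing labels.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not the article's code): findings about a selected certificate
// beyond the properties the form already displays.
public static class CertificateInspector
{
    public static IList<string> Inspect(X509Certificate2 cert)
    {
        var findings = new List<string>();
        DateTime now = DateTime.Now;

        if (now < cert.NotBefore)
            findings.Add("Not yet valid (NotBefore " + cert.NotBefore.ToShortDateString() + ")");
        if (now > cert.NotAfter)
            findings.Add("Expired (NotAfter " + cert.NotAfter.ToShortDateString() + ")");

        // sha1RSA (1.2.840.113549.1.1.5) and md5RSA (1.2.840.113549.1.1.4) are
        // the algorithms makecert offers by default; both are rejected by
        // current TLS stacks and browsers.
        string sigOid = cert.SignatureAlgorithm.Value;
        if (sigOid == "1.2.840.113549.1.1.5" || sigOid == "1.2.840.113549.1.1.4")
            findings.Add("Weak signature algorithm: " + cert.SignatureAlgorithm.FriendlyName);

        // GetRSAPublicKey() returns null for non-RSA keys (e.g. ECDSA).
        using (RSA rsa = cert.GetRSAPublicKey())
        {
            if (rsa != null && rsa.KeySize < 2048)
                findings.Add("RSA key too short: " + rsa.KeySize + " bits");
        }

        if (cert.HasPrivateKey)
            findings.Add("Private key present in this store; export it only when required");

        // Build the chain against the machine's trust stores. Revocation is
        // skipped so the check works offline; switch to Online for production use.
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
            bool trusted = chain.Build(cert);
            if (!trusted)
            {
                foreach (X509ChainStatus s in chain.ChainStatus)
                    findings.Add("Chain: " + s.Status + " (" + s.StatusInformation.Trim() + ")");
            }
            findings.Add("Chain length: " + chain.ChainElements.Count +
                         (trusted ? " (trusted)" : " (not trusted)"));
        }
        return findings;
    }
}
```

For a certificate created by the sample makecert command, the chain check will report UntrustedRoot unless HCAWRoot.cer has been placed in the Trusted Root Certification Authorities store, which is exactly the condition a client needs before it can use the issued certificate.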

The View Certificate option opens the Windows certificate viewer with the following code:
//
// This section opens the Windows certificate viewer
//
X509Certificate2UI.DisplayCertificate(SelectedCert, this.Handle);
The Export Certificate option lets the user export the selected certificate in PFX format.
//
// This section opens the Windows certificate export wizard
//
X509Certificate2 x509 = SelectedCert;
if (x509 == null)
    return;
NativeMethods.CRYPTUI_WIZ_EXPORT_INFO exportInfo =
    new NativeMethods.CRYPTUI_WIZ_EXPORT_INFO();
exportInfo.dwSize = (uint)Marshal.SizeOf(
    typeof(NativeMethods.CRYPTUI_WIZ_EXPORT_INFO));
//exportInfo.pwszExportFileName = @"C:\Anoop\tt.pfx";
exportInfo.dwSubjectChoice =
    NativeMethods.CryptuiExportChoice.CRYPTUI_WIZ_EXPORT_CERT_CONTEXT;
exportInfo.pCertContext = x509.Handle;
exportInfo.cStores = 0;
IntPtr pExportInfo = Marshal.AllocHGlobal((int)exportInfo.dwSize);
try
{
    Marshal.StructureToPtr(exportInfo, pExportInfo, false);
    // Returns false if the export did not complete; the Win32 error explains why.
    if (!NativeMethods.CryptUIWizExport(0, IntPtr.Zero,
            "Export of Certificate", pExportInfo, IntPtr.Zero))
    {
        int error = Marshal.GetLastWin32Error();
        MessageBox.Show("Export did not complete (Win32 error " + error + ")");
    }
}
finally
{
    // Free the unmanaged copy of the structure.
    Marshal.FreeHGlobal(pExportInfo);
}
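The wizard leaves the choice between a public-only .cer and a key-bearing .pfx to whoever clicks through it. As an added example that is not the article's code, the following managed alternative (CertificateExporter, ExportPublic and ExportPfx are my names) makes that split explicit: the public certificate is what a client needs to trust the tool's certificates, while a PFX is only written with a password and only when the store actually holds an exportable private key.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not the article's code): managed replacement for the
// CryptUIWizExport call, separating public and private export paths.
public static class CertificateExporter
{
    // Public certificate only (DER-encoded .cer); safe to hand to a client.
    public static void ExportPublic(X509Certificate2 cert, string path)
    {
        File.WriteAllBytes(path, cert.Export(X509ContentType.Cert));
    }

    // PKCS#12 with the private key. Refuses to write an unprotected file and
    // fails clearly when the key is absent or was created non-exportable.
    public static void ExportPfx(X509Certificate2 cert, string path, string password)
    {
        if (string.IsNullOrEmpty(password) || password.Length < 12)
            throw new ArgumentException("PFX export requires a password of at least 12 characters.");
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no private key; use ExportPublic instead.");

        byte[] pfx;
        try
        {
            pfx = cert.Export(X509ContentType.Pfx, password);
        }
        catch (CryptographicException ex)
        {
            // Keys created without makecert's "-pe" flag cannot leave the store.
            throw new InvalidOperationException("Private key is not exportable.", ex);
        }

        try
        {
            File.WriteAllBytes(path, pfx);
        }
        finally
        {
            // The buffer holds the encrypted key; clear it once written.
            Array.Clear(pfx, 0, pfx.Length);
        }
    }
}
```

Handing out ExportPublic's output is enough for the client-side trust the article describes; ExportPfx is for moving the key pair itself, which should be the exception rather than the default.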
The NativeMethods class wraps the native call that opens the export wizard:
using System;
using System.Runtime.InteropServices;

static internal class NativeMethods
{
    internal enum CryptuiExportChoice : uint
    {
        CRYPTUI_WIZ_EXPORT_CERT_CONTEXT = 1,
        CRYPTUI_WIZ_EXPORT_CTL_CONTEXT = 2,
        CRYPTUI_WIZ_EXPORT_CRL_CONTEXT = 3,
        CRYPTUI_WIZ_EXPORT_CERT_STORE = 4,
        CRYPTUI_WIZ_EXPORT_CERT_STORE_CERTIFICATES_ONLY = 5,
        CRYPTUI_WIZ_EXPORT_FORMAT_CRL = 6,
        CRYPTUI_WIZ_EXPORT_FORMAT_CTL = 7
    }

    // Native handles (PCCERT_CONTEXT, HCERTSTORE, HWND) are marshaled as IntPtr.
    // CharSet.Unicode makes pwszExportFileName marshal as LPWSTR, matching the
    // wide-character structure Cryptui.dll expects.
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    internal struct CRYPTUI_WIZ_EXPORT_INFO
    {
        internal uint dwSize;
        [MarshalAs(UnmanagedType.LPWStr)]
        internal string pwszExportFileName;
        internal CryptuiExportChoice dwSubjectChoice;
        internal IntPtr pCertContext;   // PCCERT_CONTEXT
        internal uint cStores;
        internal IntPtr rghStores;      // HCERTSTORE*
    }

    [DllImport("Cryptui.dll", CharSet = CharSet.Unicode,
        ExactSpelling = true, SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    internal static extern bool CryptUIWizExport(uint dwFlags,
        IntPtr hwndParent, string pwszWizardTitle,
        IntPtr pExportInfo, IntPtr pvoid);
}
Points of Interest
This tool requires administrator rights on the system.
The tool uses the traditional "makecert" command to create certificates.
History
- Version 1.0