sky*_*ner 10 x509certificate2 x509certificate docker identityserver4
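We are developing a microservices application on Kubernetes. One of the microservices is an IdentityServer instance. Initially, I want to test the solution locally on Docker to make sure it works. To do this, I want to copy the certificate into appsettings.json. Eventually, this value will be replaced by a Kubernetes secret. In my Startup class, this is how I try to load the certificate: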
services.AddIdentityServer()
    .AddSigningCredential(GetIdentityServerCertificate())
    .AddConfigurationStore(...

private X509Certificate2 GetIdentityServerCertificate()
{
    var clientSecret = Configuration["Certificate"];
    var pfxBytes = Convert.FromBase64String(clientSecret);
    var certificate = new X509Certificate2(pfxBytes, "PasswordHere");
    return certificate;
}
I generated the certificate using openssl:
openssl req -newkey rsa:2048 -nodes -keyout XXXXX.key -x509 -days 365 -out XXXXX.cer
openssl pkcs12 -export -in XXXX.cer -inkey XXXX.key -out XXXX.pfx
Then I obtained the certificate using the following:
$pfxFilePath = 'C:\XXXX.pfx'
$pwd = 'PasswordHere'
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$collection.Import($pfxFilePath, $pwd, $flag)
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
$clearBytes = $collection.Export($pkcs12ContentType)
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)
I take the $fileContentEncoded value and paste it into appsettings.json.
When I debug it, the result is: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure when I try to create the X509Certificate2 object using the method above.

The mac verify failure error occurs when the password is wrong. Check the password of the key:
openssl pkcs12 -in XXXX.pfx
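
Added example, not part of the original question or answer: the PowerShell step in the question calls `Export` with only a content type, and that overload writes the PKCS#12 blob without a password, so the Base64 value no longer matches "PasswordHere". The script below reproduces the round trip on a constructed throwaway certificate and compares it with two corrected ways of producing the value; `Test-PfxPassword` and the certificate subject are hypothetical names introduced for the example.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

$password = 'PasswordHere'    # same placeholder password as in the question

# Constructed throwaway certificate standing in for XXXX.pfx, so nothing is read from disk.
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=constructed-example', $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::UtcNow, [DateTimeOffset]::UtcNow.AddDays(1))
[byte[]]$originalPfx = $cert.Export([X509ContentType]::Pkcs12, $password)

# Hypothetical helper: can these PKCS#12 bytes be opened with this password?
function Test-PfxPassword([byte[]]$Bytes, [string]$Password) {
    try   { $null = [X509Certificate2]::new($Bytes, $Password); return $true }
    catch { return $false }   # a wrong password surfaces as a CryptographicException
}

# The question's round trip: import with the password, export WITHOUT one.
$collection = [X509Certificate2Collection]::new()
$collection.Import($originalPfx, $password, [X509KeyStorageFlags]::Exportable)
[byte[]]$noPassword = $collection.Export([X509ContentType]::Pkcs12)

# Fix A: pass the password to Export so the new blob is protected with it.
[byte[]]$withPassword = $collection.Export([X509ContentType]::Pkcs12, $password)

# Fix B: skip the round trip. With a file on disk this would be
# [IO.File]::ReadAllBytes($pfxFilePath) instead of $originalPfx.
[byte[]]$direct = $originalPfx

foreach ($case in @(
        @{ Name = 'Export(Pkcs12), as in the question'; Bytes = $noPassword },
        @{ Name = 'Export(Pkcs12, password)';           Bytes = $withPassword },
        @{ Name = 'original PFX bytes';                 Bytes = $direct })) {
    # Same Base64 trip the value makes through appsettings.json
    $decoded = [Convert]::FromBase64String([Convert]::ToBase64String($case.Bytes))
    [pscustomobject]@{
        Source            = $case.Name
        OpensWithPassword = Test-PfxPassword $decoded $password
        OpensWithEmpty    = Test-PfxPassword $decoded ''
    }
}
```

A blob exported without a password carries the signing key with no passphrase protection, so the corrected export is also the safer value to place in appsettings.json or a Kubernetes secret.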