chrome 58弃用自签名的证书,省略主题替代名称(SAN(。我使用mono.security.x509 x509certificateBuilder((在" localhost"上为Windows Owin服务创建证书,使浏览器能够与Twain扫描仪进行通信。该证书当前仅设置通用名称,因此不足Chrome 58。
创建一个自签名证书的正确方法是什么,该证书使Chrome能够使用Mono.Security.x509?
在Localhost上与Owin服务进行通信 RSA subjectKey = new RSACryptoServiceProvider(2048);
X509CertificateBuilder cb = new X509CertificateBuilder(3);
cb.SerialNumber = GenerateSerialNumber();
cb.IssuerName = "CN=localhost";
cb.NotBefore = notBefore;
cb.NotAfter = notAfter;
cb.SubjectName = "CN=localhost";
cb.SubjectPublicKey = subjectKey;
cb.Hash = "SHA256";
byte[] rawcert = cb.Sign(subjectKey);
PKCS12 p12 = new PKCS12();
p12.Password = password;
Hashtable attributes = GetAttributes();
p12.AddCertificate(new X509Certificate(rawcert), attributes);
p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);
return p12.GetBytes();
var san = new SubjectAltNameExtension(new string[0], new string[1] { "localhost" }, new string[0], new string[0]);
cb.Extensions.Add(san);
我在jexus Manager中测试了这一点,
https://github.com/jexuswebserver/jexusmanager/blob/master/jexusmanager.features.certificates/selfcertificatificatificatificatificatificatificatificatificatificatedialog.cs