CERTIFICATE Archives - icodebroker

[PYTHON/HTTPX] get 함수 : verify 인자를 사용해 인증서 설정하기

■ get 함수의 verify 인자를 사용해 인증서 파일을 설정하는 방법을 보여준다. ▶ 예제 코드 (PY)


import httpx

response = httpx.get(url = "https:/127.0.0.1:443", verify = "./certificate.pem")

print(response.status_code)

import httpx

response = httpx.get(url = "https:/127.0.0.1:443", verify = "./certificate.pem")

print(response.status_code)

[PYTHON/HTTPX] get 함수 : verify 인자를 사용해 HTTPS 인증서 검증 무시하기

■ get 함수의 verify 인자를 사용해 HTTPS 인증서의 검증을 무시하는 방법을 보여준다. ▶ 예제 코드 (PY)


import httpx

response = httpx.get("https://www.daum.net", verify = False)

print(response.status_code) # 200

import httpx

response = httpx.get("https://www.daum.net", verify = False)

print(response.status_code) # 200

[OS/UBUNTU] openssl 명령 : 인증서 서명 요청(CSD) 파일 생성하기

■ openssl 명령을 사용해 인증서 서명 요청(CSD) 파일을 생성하는 방법을 보여준다. 1. CTRL + ALT + T 키를 눌러서 [터미널]을 실행한다. 2.

[OS/UBUNTU] openssl 명령 : 인증서 파일 생성하기

■ openssl 명령을 사용해 인증서 파일을 생성하는 방법을 보여준다. 1. CTRL + ALT + T 키를 눌러서 [터미널]을 실행한다. 2. [터미널]에서 아래

[C#/COMMON/.NET6] HttpClient 클래스 : 특정 인증서 오류 무시하기

■ HttpClient 클래스 사용시 특정 인증서 오류를 무시하는 방법을 보여준다. ▶ 예제 코드 (C#)


using System.Net.Security;

using(HttpClientHandler httpClientHandler = new HttpClientHandler())
{
    httpClientHandler.ServerCertificateCustomValidationCallback = (message, certificates, chain, sslPolicyErrors) =>
    {
        if(sslPolicyErrors == SslPolicyErrors.None)
        {
            return true;
        }

        if(certificates.GetCertHashString() == "99E92D8447AEF30483B1D7527812C9B7B3A915A7")
        {
            return true;
        }

        return false;
    };

    using(HttpClient httpClient = new HttpClient(httpClientHandler))
    {
        HttpResponseMessage responseMessage = httpClient.GetAsync("https://example.com").Result;
    }
}

using System.Net.Security;

using(HttpClientHandler httpClientHandler = new HttpClientHandler())

{

httpClientHandler.ServerCertificateCustomValidationCallback = (message, certificates, chain, sslPolicyErrors) =>

{

if(sslPolicyErrors == SslPolicyErrors.None)

{

return true;

}

if(certificates.GetCertHashString() == "99E92D8447AEF30483B1D7527812C9B7B3A915A7")

{

return true;

}

return false;

};

using(HttpClient httpClient = new HttpClient(httpClientHandler))

{

HttpResponseMessage responseMessage = httpClient.GetAsync("https://example.com").Result;

}

[C#/COMMON] ServicePointManager 클래스 : ServerCertificateValidationCallback 속성을 사용해 특정 인증서 오류 무시하기

■ ServicePointManager 클래스의 ServerCertificateValidationCallback 속성을 사용해 특정 인증서 오류를 무시하는 방법을 보여준다. ▶ 예제 코드 (C#)


using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

ServicePointManager.ServerCertificateValidationCallback += delegate (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    if(sslPolicyErrors == SslPolicyErrors.None)
    {
        return true;
    }

    if(certificate.GetCertHashString() == "99E92D8447AEF30483B1D7527812C9B7B3A915A7")
    {
        return true;
    }

    return false;
};

using System.Net;

using System.Net.Security;

using System.Security.Cryptography.X509Certificates;

ServicePointManager.ServerCertificateValidationCallback += delegate (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)

{

if(sslPolicyErrors == SslPolicyErrors.None)

{

return true;

}

if(certificate.GetCertHashString() == "99E92D8447AEF30483B1D7527812C9B7B3A915A7")

{

return true;

}

return false;

};

[POWERSHELL] 인증서 조회하기

■ 인증서를 조회하는 방법을 보여준다. ▶ 실행 명령


Set-Location Cert:\CurrentUser\My

Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint

또는

CD Cert:\CurrentUser\My

Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint

Set-Location Cert:\CurrentUser\My

Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint

또는

CD Cert:\CurrentUser\My

Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint

[POWERSHELL] New-SelfSignedCertificate 명령 : UWP 패키지 서명용 인증서 만들기

■ New-SelfSignedCertificate 명령을 사용해 UWP 패키지 서명용 인증서를 만드는 방법을 보여준다. ▶ 실행 명령


$subject = "CN=icodebroker"       # 게시자명
$store   = "Cert:\CurrentUser\My" # 인증서 저장 경로
New-SelfSignedCertificate `
    -Type Custom `
    -Subject $subject `
    -KeyUsage DigitalSignature `
    -FriendlyName "ICODEBROKER" ` # 인증서 표시명
    -CertStoreLocation $store `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")

$subject = "CN=icodebroker" # 게시자명

$store = "Cert:\CurrentUser\My" # 인증서 저장 경로

New-SelfSignedCertificate `

-Type Custom `

-Subject $subject `

-KeyUsage DigitalSignature `

-FriendlyName "ICODEBROKER" ` # 인증서 표시명

-CertStoreLocation $store `

-TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")

[C#/COMMON] BouncyCastle 누겟 설치하기

■ BouncyCastle 누겟을 설치하는 방법을 보여준다. 1. Visual Studio를 실행한다. 2. [도구] / [NuGet 패키지 관리자] / [패키지 관리자 콘솔] 메뉴를 실행한다.

[C#/COMMON/OPENPOP] Pop3Client 클래스 : Connect 메소드를 사용해 서버 인증서 검증하기

■ Pop3Client 클래스의 Connect 메소드를 사용해 서버 인증서를 검증하는 방법을 보여준다. ▶ Program.cs


using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

using OpenPop.Pop3;

namespace TestProject
{
    /// <summary>
    /// 프로그램
    /// </summary>
    class Program
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Static
        //////////////////////////////////////////////////////////////////////////////// Private

        #region 원격 인증서 검증 콜백 처리하기 - RemoteCertificateValidationCallback(sender, certificate, chain, sslpolicyerrors)

        /// <summary>
        /// 원격 인증서 검증 콜백 처리하기
        /// </summary>
        /// <param name="sender">이벤트 발생자</param>
        /// <param name="certificate">X.509 인증서</param>
        /// <param name="chain">X.509 체인</param>
        /// <param name="sslpolicyerrors">SSL 정책 에러</param>
        /// <returns>처리 결과</returns>
        private static bool RemoteCertificateValidationCallback
        (
            object          sender,
            X509Certificate certificate,
            X509Chain       chain,
            SslPolicyErrors sslpolicyerrors
        )
        {
            // SSLPolicyErrors가 있는지 확인해야 하지만 여기서는 단순히 인증서가 정상이라고 말하고 신뢰한다.
            return true;
        }

        #endregion
        #region SSL 인증서 체크하기 - CheckSSLCertificate(hostName, port, timeout)

        /// <summary>
        /// SSL 인증서 체크하기
        /// </summary>
        /// <param name="hostName">호스트명</param>
        /// <param name="port">포트</param>
        /// <param name="timeout">타임아웃</param>
        private static void CheckSSLCertificate(string hostName, int port, int timeout)
        {
            using(Pop3Client client = new Pop3Client())
            {
                client.Connect(hostName, port, true, timeout, timeout, RemoteCertificateValidationCallback);
            }
        }

        #endregion
        #region 프로그램 시작하기 - Main()

        /// <summary>
        /// 프로그램 시작하기
        /// </summary>
        private static void Main()
        {
            string hostName = "pop.naver.com";
            int    port     = 995;

            CheckSSLCertificate(hostName, port, 3000);
        }

        #endregion
    }
}

using System.Net.Security;

using System.Security.Cryptography.X509Certificates;

using OpenPop.Pop3;

namespace TestProject

{

/// <summary>

/// 프로그램

/// </summary>

class Program

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Static

//////////////////////////////////////////////////////////////////////////////// Private

#region 원격 인증서 검증 콜백 처리하기 - RemoteCertificateValidationCallback(sender, certificate, chain, sslpolicyerrors)

/// <summary>

/// 원격 인증서 검증 콜백 처리하기

/// </summary>

/// <param name="sender">이벤트 발생자</param>

/// <param name="certificate">X.509 인증서</param>

/// <param name="chain">X.509 체인</param>

/// <param name="sslpolicyerrors">SSL 정책 에러</param>

/// <returns>처리 결과</returns>

private static bool RemoteCertificateValidationCallback

(

object sender,

X509Certificate certificate,

X509Chain chain,

SslPolicyErrors sslpolicyerrors

)

{

// SSLPolicyErrors가 있는지 확인해야 하지만 여기서는 단순히 인증서가 정상이라고 말하고 신뢰한다.

return true;

}

#endregion

#region SSL 인증서 체크하기 - CheckSSLCertificate(hostName, port, timeout)

/// <summary>

/// SSL 인증서 체크하기

/// </summary>

/// <param name="hostName">호스트명</param>

/// <param name="port">포트</param>

/// <param name="timeout">타임아웃</param>

private static void CheckSSLCertificate(string hostName, int port, int timeout)

{

using(Pop3Client client = new Pop3Client())

{

client.Connect(hostName, port, true, timeout, timeout, RemoteCertificateValidationCallback);

}

#endregion

#region 프로그램 시작하기 - Main()

/// <summary>

/// 프로그램 시작하기

/// </summary>

private static void Main()

{

string hostName = "pop.naver.com";

int port = 995;

CheckSSLCertificate(hostName, port, 3000);

}

#endregion

}

TestProject.zip

[C#/COMMON] X.509 인증서 만들기

■ X.509 인증서를 만드는 방법을 보여준다. ▶ Program.cs


using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

namespace TestProject
{
    /// <summary>
    /// 프로그램
    /// </summary>
    class Program
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Static
        //////////////////////////////////////////////////////////////////////////////// Private

        #region 프로그램 시작하기 - Main()

        /// <summary>
        /// 프로그램 시작하기
        /// </summary>
        private static void Main()
        {
            bool result = NetworkHelper.DeletePortBinding(443);

            Console.WriteLine("포트 바인딩 삭제 결과 : " + result);

            CertificateKeyPair rootCertificateKeyPair;

            DateTime fromDate = DateTime.Now.AddDays(-1);
            DateTime toDate   = fromDate.AddYears(1);

            X509Certificate2 rootCertificate = CertificateHelper.CreateRootCertificate
            (
                "CN=TestRootCA",
                fromDate,
                toDate,
                out rootCertificateKeyPair
            );

            List<string> sanList = new List<string>();

            sanList.Add("github.com");

            X509Certificate2 certificate = CertificateHelper.CreateCertificate
            (
                rootCertificate,
                rootCertificateKeyPair,
                "CN=Test",
                fromDate,
                toDate,
                sanList
            );

            CertificateHelper.Store(rootCertificate, StoreName.AuthRoot, StoreLocation.LocalMachine);

            CertificateHelper.Store(certificate, StoreName.My, StoreLocation.CurrentUser);

            result = NetworkHelper.BindToPort(certificate, 443, "A613FCA4-51D2-4C33-8377-362BB6D54A00");

            Console.WriteLine("포트 바인딩 결과 : " + result);

            result = NetworkHelper.FlushDNS();

            Console.WriteLine("DNS 플러시 결과 : " + result);

            CertificateHelper.SaveToCer(certificate, "d:\\test.cer");
            CertificateHelper.SaveToPfx(certificate, "d:\\test.pfx");
        }

        #endregion
    }
}

using System;

using System.Collections.Generic;

using System.Security.Cryptography.X509Certificates;

namespace TestProject

{

/// <summary>

/// 프로그램

/// </summary>

class Program

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Static

//////////////////////////////////////////////////////////////////////////////// Private

#region 프로그램 시작하기 - Main()

/// <summary>

/// 프로그램 시작하기

/// </summary>

private static void Main()

{

bool result = NetworkHelper.DeletePortBinding(443);

Console.WriteLine("포트 바인딩 삭제 결과 : " + result);

CertificateKeyPair rootCertificateKeyPair;

DateTime fromDate = DateTime.Now.AddDays(-1);

DateTime toDate = fromDate.AddYears(1);

X509Certificate2 rootCertificate = CertificateHelper.CreateRootCertificate

(

"CN=TestRootCA",

fromDate,

toDate,

out rootCertificateKeyPair

);

List<string> sanList = new List<string>();

sanList.Add("github.com");

X509Certificate2 certificate = CertificateHelper.CreateCertificate

(

rootCertificate,

rootCertificateKeyPair,

"CN=Test",

fromDate,

toDate,

sanList

);

CertificateHelper.Store(rootCertificate, StoreName.AuthRoot, StoreLocation.LocalMachine);

CertificateHelper.Store(certificate, StoreName.My, StoreLocation.CurrentUser);

result = NetworkHelper.BindToPort(certificate, 443, "A613FCA4-51D2-4C33-8377-362BB6D54A00");

Console.WriteLine("포트 바인딩 결과 : " + result);

result = NetworkHelper.FlushDNS();

Console.WriteLine("DNS 플러시 결과 : " + result);

CertificateHelper.SaveToCer(certificate, "d:\\test.cer");

CertificateHelper.SaveToPfx(certificate, "d:\\test.pfx");

}

#endregion

}

▶ NetworkHelper.cs


using System.Diagnostics;
using System.Security.Cryptography.X509Certificates;

namespace TestProject
{
    /// <summary>
    /// 네트워크 헬퍼
    /// </summary>
    public static class NetworkHelper
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Static
        //////////////////////////////////////////////////////////////////////////////// Public

        #region 포트 바인딩하기 - BindToPort(x509Certificate2, port, applicationID)

        /// <summary>
        /// 포트 바인딩하기
        /// </summary>
        /// <param name="x509Certificate2">X.509 인증서 2</param>
        /// <param name="port">포트</param>
        /// <param name="applicationID">애플리케이션 ID</param>
        /// <returns>처리 결과</returns>
        public static bool BindToPort(X509Certificate2 x509Certificate2, int port, string applicationID)
        {
            string command = string.Format
            (
                "http add sslcert ipport=0.0.0.0:{0} certhash={1} appid={{{2}}}",
                port,
                x509Certificate2.Thumbprint,
                applicationID
            );

            Process process = new Process();

            process.StartInfo.FileName    = "netsh.exe";
            process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
            process.StartInfo.Arguments   = command;

            process.Start();

            process.WaitForExit();

            return process.ExitCode == 0;
        }

        #endregion
        #region 포트 바인딩 삭제하기 - DeletePortBinding(port)

        /// <summary>
        /// 포트 바인딩 삭제하기
        /// </summary>
        /// <param name="port">포트</param>
        /// <returns>처리 결과</returns>
        public static bool DeletePortBinding(int port)
        {
            string command = string.Format("http delete sslcert ipport=0.0.0.0:{0}", port);

            Process process = new Process();

            process.StartInfo.FileName    = "netsh.exe";
            process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
            process.StartInfo.Arguments   = command;

            process.Start();

            process.WaitForExit();

            return process.ExitCode == 0;
        }

        #endregion
        #region DNS 캐시 지우기 - FlushDNS()

        /// <summary>
        /// DNS 캐시 지우기
        /// </summary>
        /// <returns>처리 결과</returns>
        public static bool FlushDNS()
        {
            string command = string.Format("/flushdns");

            Process process = new Process();

            process.StartInfo.FileName    = "ipconfig.exe";
            process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
            process.StartInfo.Arguments   = command;

            process.Start();

            process.WaitForExit();

            return process.ExitCode == 0;
        }

        #endregion
    }
}

100

using System.Diagnostics;

using System.Security.Cryptography.X509Certificates;

namespace TestProject

{

/// <summary>

/// 네트워크 헬퍼

/// </summary>

public static class NetworkHelper

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Static

//////////////////////////////////////////////////////////////////////////////// Public

#region 포트 바인딩하기 - BindToPort(x509Certificate2, port, applicationID)

/// <summary>

/// 포트 바인딩하기

/// </summary>

/// <param name="x509Certificate2">X.509 인증서 2</param>

/// <param name="port">포트</param>

/// <param name="applicationID">애플리케이션 ID</param>

/// <returns>처리 결과</returns>

public static bool BindToPort(X509Certificate2 x509Certificate2, int port, string applicationID)

{

string command = string.Format

(

"http add sslcert ipport=0.0.0.0:{0} certhash={1} appid={{{2}}}",

port,

x509Certificate2.Thumbprint,

applicationID

);

Process process = new Process();

process.StartInfo.FileName = "netsh.exe";

process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;

process.StartInfo.Arguments = command;

process.Start();

process.WaitForExit();

return process.ExitCode == 0;

}

#endregion

#region 포트 바인딩 삭제하기 - DeletePortBinding(port)

/// <summary>

/// 포트 바인딩 삭제하기

/// </summary>

/// <param name="port">포트</param>

/// <returns>처리 결과</returns>

public static bool DeletePortBinding(int port)

{

string command = string.Format("http delete sslcert ipport=0.0.0.0:{0}", port);

Process process = new Process();

process.StartInfo.FileName = "netsh.exe";

process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;

process.StartInfo.Arguments = command;

process.Start();

process.WaitForExit();

return process.ExitCode == 0;

}

#endregion

#region DNS 캐시 지우기 - FlushDNS()

/// <summary>

/// DNS 캐시 지우기

/// </summary>

/// <returns>처리 결과</returns>

public static bool FlushDNS()

{

string command = string.Format("/flushdns");

Process process = new Process();

process.StartInfo.FileName = "ipconfig.exe";

process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;

process.StartInfo.Arguments = command;

process.Start();

process.WaitForExit();

return process.ExitCode == 0;

}

#endregion

}

▶ CertificateKeyPair.cs


using Org.BouncyCastle.Crypto;

namespace TestProject
{
    /// <summary>
    /// 인증서 키 쌍
    /// </summary>
    public class CertificateKeyPair
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Field
        ////////////////////////////////////////////////////////////////////////////////////////// Private

        #region Field

        /// <summary>
        /// 비대칭 암호화 키 쌍
        /// </summary>
        private AsymmetricCipherKeyPair asymmetricCipherKeyPair;

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Property
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 개인 키 - PrivateKey

        /// <summary>
        /// 개인 키
        /// </summary>
        public AsymmetricKeyParameter PrivateKey
        {
            get
            {
                return this.asymmetricCipherKeyPair.Private;
            }
        }

        #endregion
        #region 공개 키 - PublicKey

        /// <summary>
        /// 공개 키
        /// </summary>
        public AsymmetricKeyParameter PublicKey
        {
            get
            {
                return this.asymmetricCipherKeyPair.Public;
            }
        }

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 생성자 - CertificateKeyPair(asymmetricCipherKeyPair)

        /// <summary>
        /// 생성자
        /// </summary>
        /// <param name="asymmetricCipherKeyPair">비대칭 암호화 키 쌍</param>
        public CertificateKeyPair(AsymmetricCipherKeyPair asymmetricCipherKeyPair)
        {
            this.asymmetricCipherKeyPair = asymmetricCipherKeyPair;
        }

        #endregion
    }
}

using Org.BouncyCastle.Crypto;

namespace TestProject

{

/// <summary>

/// 인증서 키 쌍

/// </summary>

public class CertificateKeyPair

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Field

////////////////////////////////////////////////////////////////////////////////////////// Private

#region Field

/// <summary>

/// 비대칭 암호화 키 쌍

/// </summary>

private AsymmetricCipherKeyPair asymmetricCipherKeyPair;

#endregion

//////////////////////////////////////////////////////////////////////////////////////////////////// Property

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 개인 키 - PrivateKey

/// <summary>

/// 개인 키

/// </summary>

public AsymmetricKeyParameter PrivateKey

{

get

{

return this.asymmetricCipherKeyPair.Private;

}

#endregion

#region 공개 키 - PublicKey

/// <summary>

/// 공개 키

/// </summary>

public AsymmetricKeyParameter PublicKey

{

get

{

return this.asymmetricCipherKeyPair.Public;

}

#endregion

//////////////////////////////////////////////////////////////////////////////////////////////////// Constructor

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 생성자 - CertificateKeyPair(asymmetricCipherKeyPair)

/// <summary>

/// 생성자

/// </summary>

/// <param name="asymmetricCipherKeyPair">비대칭 암호화 키 쌍</param>

public CertificateKeyPair(AsymmetricCipherKeyPair asymmetricCipherKeyPair)

{

this.asymmetricCipherKeyPair = asymmetricCipherKeyPair;

}

#endregion

}

▶ CertificateHelper.cs


using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.X509.Extension;
using Org.BouncyCastle.Asn1;

using X509Certificate = Org.BouncyCastle.X509.X509Certificate;

namespace TestProject
{
    /// <summary>
    /// 인증서 헬퍼
    /// </summary>
    public class CertificateHelper
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Static
        //////////////////////////////////////////////////////////////////////////////// Public

        #region 루트 인증서 생성하기 - CreateRootCertificate(domainName, fromDate, toDate, certificateKeyPair, keySize)

        /// <summary>
        /// 루트 인증서 생성하기
        /// </summary>
        /// <param name="domainName">도메인명</param>
        /// <param name="fromDate">FROM 날짜</param>
        /// <param name="toDate">TO 날짜</param>
        /// <param name="certificateKeyPair">인증서 키 쌍</param>
        /// <param name="keySize">키 크기</param>
        /// <returns>X.509 인증서 2</returns>
        public static X509Certificate2 CreateRootCertificate
        (
            string                 domainName,
            DateTime               fromDate,
            DateTime               toDate,
            out CertificateKeyPair certificateKeyPair,
            int                    keySize = 1024
        )
        {
            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();

            rsaKeyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(), keySize));

            AsymmetricCipherKeyPair cipherKeyPair = rsaKeyPairGenerator.GenerateKeyPair();

            X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

            certificateGenerator.SetSerialNumber(BigInteger.ProbablePrime(120, new Random()));
            certificateGenerator.SetIssuerDN(new X509Name(domainName));
            certificateGenerator.SetNotBefore(fromDate);
            certificateGenerator.SetNotAfter(toDate);
            certificateGenerator.SetSubjectDN(new X509Name(domainName));
            certificateGenerator.SetPublicKey(cipherKeyPair.Public);
            certificateGenerator.SetSignatureAlgorithm("SHA1WithRSAEncryption");

            X509Certificate certificate = certificateGenerator.Generate
            (
                cipherKeyPair.Private,
                new SecureRandom()
            );

            certificate.Verify(cipherKeyPair.Public);

            certificateKeyPair = new CertificateKeyPair(cipherKeyPair);

            return new X509Certificate2(DotNetUtilities.ToX509Certificate(certificate));
        }

        #endregion
        #region 인증서 생성하기 - CreateCertificate(rootCertificate, certificateKeyPair, domainName, fromDate, toDate, sanEnumerable, keySize)

        /// <summary>
        /// 인증서 생성하기
        /// </summary>
        /// <param name="rootCertificate">루트 인증서</param>
        /// <param name="certificateKeyPair">인증서 키 쌍</param>
        /// <param name="domainName">도메인명</param>
        /// <param name="fromDate">FROM 날짜</param>
        /// <param name="toDate">TO 날짜</param>
        /// <param name="sanEnumerable">Subject Alternative Name 열거 가능형</param>
        /// <param name="keySize">키 크기</param>
        /// <returns>X.509 인증서 2</returns>
        public static X509Certificate2 CreateCertificate
        (
            X509Certificate2    rootCertificate,
            CertificateKeyPair  certificateKeyPair,
            string              domainName,
            DateTime            fromDate,
            DateTime            toDate,
            IEnumerable<string> sanEnumerable,
            int                 keySize = 1024
        )
        {
            new RsaKeyPairGenerator().Init(new KeyGenerationParameters(new SecureRandom(), keySize));

            RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator();

            keyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(), keySize));

            AsymmetricCipherKeyPair cipherKeyPair = keyPairGenerator.GenerateKeyPair();

            X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

            certificateGenerator.SetSerialNumber(BigInteger.ProbablePrime(120, new Random()));
            certificateGenerator.SetSubjectDN(new X509Name(domainName));
            certificateGenerator.SetIssuerDN(new X509Name(rootCertificate.SubjectName.Name));
            certificateGenerator.SetNotBefore(fromDate);
            certificateGenerator.SetNotAfter(toDate);
            certificateGenerator.SetPublicKey(cipherKeyPair.Public);
            certificateGenerator.SetSignatureAlgorithm("SHA1WithRSAEncryption");

            Asn1Encodable[] asn1EncodableArray = sanEnumerable.Select
            (
                name => (Asn1Encodable)new GeneralName(GeneralName.DnsName, name)
            ).ToArray();

            DerSequence derSequence = new DerSequence(asn1EncodableArray);

            certificateGenerator.AddExtension
            (
                X509Extensions.SubjectAlternativeName,
                false,
                derSequence
            );

            certificateGenerator.AddExtension
            (
                X509Extensions.AuthorityKeyIdentifier,
                false,
                new AuthorityKeyIdentifierStructure(DotNetUtilities.FromX509Certificate(rootCertificate))
            );

            certificateGenerator.AddExtension
            (
                X509Extensions.SubjectKeyIdentifier,
                false,
                new SubjectKeyIdentifierStructure(cipherKeyPair.Public)
            );

            X509Certificate certificate = certificateGenerator.Generate(certificateKeyPair.PrivateKey);

            certificate.Verify(certificateKeyPair.PublicKey);

            AsymmetricAlgorithm privateKey = GetPrivateKey((RsaPrivateCrtKeyParameters)cipherKeyPair.Private);

            X509Certificate2 certificate2 = new X509Certificate2(DotNetUtilities.ToX509Certificate(certificate));

            certificate2.PrivateKey = privateKey;

            return certificate2;
        }

        #endregion
        #region .cer 파일 저장하기 - SaveToCer(certificate, filePath)

        /// <summary>
        /// .cer 파일 저장하기
        /// </summary>
        /// <param name="certificate">인증서</param>
        /// <param name="filePath">파일 경로</param>
        public static void SaveToCer(X509Certificate2 certificate, string filePath)
        {
            byte[] byteArray = certificate.Export(X509ContentType.Cert);

            File.WriteAllBytes(filePath, byteArray);
        }

        #endregion
        #region .pfx 파일 저장하기 - SaveToPfx(certificate, filePath, password)

        /// <summary>
        /// .pfx 파일 저장하기
        /// </summary>
        /// <param name="certificate">인증서</param>
        /// <param name="filePath">파일 경로</param>
        /// <param name="password">패스워드</param>
        public static void SaveToPfx(X509Certificate2 certificate, string filePath, string password = null)
        {
            byte[] byteArray = certificate.Export(X509ContentType.Pfx, password);

            File.WriteAllBytes(filePath, byteArray);
        }

        #endregion
        #region 저장하기 - Store(certificate, storeName, storeLocation)

        /// <summary>
        /// 저장하기
        /// </summary>
        /// <param name="certificate">인증서</param>
        /// <param name="storeName">저장소명</param>
        /// <param name="storeLocation">저장 위치</param>
        public static void Store(X509Certificate2 certificate, StoreName storeName, StoreLocation storeLocation)
        {
            X509Store store = new X509Store(storeName, storeLocation);

            store.Open(OpenFlags.ReadWrite);

            store.Add(certificate);

            store.Close();
        }

        #endregion

        //////////////////////////////////////////////////////////////////////////////// Private

        #region 개인 키 구하기 - GetPrivateKey(rsaPrivateCrtKeyParameters)

        /// <summary>
        /// 개인 키 구하기
        /// </summary>
        /// <param name="rsaPrivateCrtKeyParameters">RSA 개인 인증서 키 매개 변수</param>
        /// <returns>개인 키</returns>
        private static AsymmetricAlgorithm GetPrivateKey(RsaPrivateCrtKeyParameters rsaPrivateCrtKeyParameters)
        {
            CspParameters cspParameters = new CspParameters
            {
                KeyContainerName = Guid.NewGuid().ToString(),
                KeyNumber        = (int)KeyNumber.Exchange,
                Flags            = CspProviderFlags.UseMachineKeyStore
            };

            RSACryptoServiceProvider rsaCryptoServiceProvider = new RSACryptoServiceProvider(cspParameters);

            RSAParameters rsaParameters = new RSAParameters
            {
                Modulus  = rsaPrivateCrtKeyParameters.Modulus.ToByteArrayUnsigned(),
                P        = rsaPrivateCrtKeyParameters.P.ToByteArrayUnsigned(),
                Q        = rsaPrivateCrtKeyParameters.Q.ToByteArrayUnsigned(),
                DP       = rsaPrivateCrtKeyParameters.DP.ToByteArrayUnsigned(),
                DQ       = rsaPrivateCrtKeyParameters.DQ.ToByteArrayUnsigned(),
                InverseQ = rsaPrivateCrtKeyParameters.QInv.ToByteArrayUnsigned(),
                D        = rsaPrivateCrtKeyParameters.Exponent.ToByteArrayUnsigned(),
                Exponent = rsaPrivateCrtKeyParameters.PublicExponent.ToByteArrayUnsigned()
            };

            rsaCryptoServiceProvider.ImportParameters(rsaParameters);

            return rsaCryptoServiceProvider;
        }

        #endregion
    }
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

using System;

using System.Collections.Generic;

using System.IO;

using System.Linq;

using System.Security.Cryptography;

using System.Security.Cryptography.X509Certificates;

using Org.BouncyCastle.Asn1.X509;

using Org.BouncyCastle.Crypto;

using Org.BouncyCastle.Crypto.Generators;

using Org.BouncyCastle.Crypto.Parameters;

using Org.BouncyCastle.Math;

using Org.BouncyCastle.Security;

using Org.BouncyCastle.X509;

using Org.BouncyCastle.X509.Extension;

using Org.BouncyCastle.Asn1;

using X509Certificate = Org.BouncyCastle.X509.X509Certificate;

namespace TestProject

{

/// <summary>

/// 인증서 헬퍼

/// </summary>

public class CertificateHelper

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Static

//////////////////////////////////////////////////////////////////////////////// Public

#region 루트 인증서 생성하기 - CreateRootCertificate(domainName, fromDate, toDate, certificateKeyPair, keySize)

/// <summary>

/// 루트 인증서 생성하기

/// </summary>

/// <param name="domainName">도메인명</param>

/// <param name="fromDate">FROM 날짜</param>

/// <param name="toDate">TO 날짜</param>

/// <param name="certificateKeyPair">인증서 키 쌍</param>

/// <param name="keySize">키 크기</param>

/// <returns>X.509 인증서 2</returns>

public static X509Certificate2 CreateRootCertificate

(

string domainName,

DateTime fromDate,

DateTime toDate,

out CertificateKeyPair certificateKeyPair,

int keySize = 1024

)

{

RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();

rsaKeyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(), keySize));

AsymmetricCipherKeyPair cipherKeyPair = rsaKeyPairGenerator.GenerateKeyPair();

X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

certificateGenerator.SetSerialNumber(BigInteger.ProbablePrime(120, new Random()));

certificateGenerator.SetIssuerDN(new X509Name(domainName));

certificateGenerator.SetNotBefore(fromDate);

certificateGenerator.SetNotAfter(toDate);

certificateGenerator.SetSubjectDN(new X509Name(domainName));

certificateGenerator.SetPublicKey(cipherKeyPair.Public);

certificateGenerator.SetSignatureAlgorithm("SHA1WithRSAEncryption");

X509Certificate certificate = certificateGenerator.Generate

(

cipherKeyPair.Private,

new SecureRandom()

);

certificate.Verify(cipherKeyPair.Public);

certificateKeyPair = new CertificateKeyPair(cipherKeyPair);

return new X509Certificate2(DotNetUtilities.ToX509Certificate(certificate));

}

#endregion

#region 인증서 생성하기 - CreateCertificate(rootCertificate, certificateKeyPair, domainName, fromDate, toDate, sanEnumerable, keySize)

/// <summary>

/// 인증서 생성하기

/// </summary>

/// <param name="rootCertificate">루트 인증서</param>

/// <param name="certificateKeyPair">인증서 키 쌍</param>

/// <param name="domainName">도메인명</param>

/// <param name="fromDate">FROM 날짜</param>

/// <param name="toDate">TO 날짜</param>

/// <param name="sanEnumerable">Subject Alternative Name 열거 가능형</param>

/// <param name="keySize">키 크기</param>

/// <returns>X.509 인증서 2</returns>

public static X509Certificate2 CreateCertificate

(

X509Certificate2 rootCertificate,

CertificateKeyPair certificateKeyPair,

string domainName,

DateTime fromDate,

DateTime toDate,

IEnumerable<string> sanEnumerable,

int keySize = 1024

)

{

new RsaKeyPairGenerator().Init(new KeyGenerationParameters(new SecureRandom(), keySize));

RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator();

keyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(), keySize));

AsymmetricCipherKeyPair cipherKeyPair = keyPairGenerator.GenerateKeyPair();

X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

certificateGenerator.SetSerialNumber(BigInteger.ProbablePrime(120, new Random()));

certificateGenerator.SetSubjectDN(new X509Name(domainName));

certificateGenerator.SetIssuerDN(new X509Name(rootCertificate.SubjectName.Name));

certificateGenerator.SetNotBefore(fromDate);

certificateGenerator.SetNotAfter(toDate);

certificateGenerator.SetPublicKey(cipherKeyPair.Public);

certificateGenerator.SetSignatureAlgorithm("SHA1WithRSAEncryption");

Asn1Encodable[] asn1EncodableArray = sanEnumerable.Select

(

name => (Asn1Encodable)new GeneralName(GeneralName.DnsName, name)

).ToArray();

DerSequence derSequence = new DerSequence(asn1EncodableArray);

certificateGenerator.AddExtension

(

X509Extensions.SubjectAlternativeName,

false,

derSequence

);

certificateGenerator.AddExtension

(

X509Extensions.AuthorityKeyIdentifier,

false,

new AuthorityKeyIdentifierStructure(DotNetUtilities.FromX509Certificate(rootCertificate))

);

certificateGenerator.AddExtension

(

X509Extensions.SubjectKeyIdentifier,

false,

new SubjectKeyIdentifierStructure(cipherKeyPair.Public)

);

X509Certificate certificate = certificateGenerator.Generate(certificateKeyPair.PrivateKey);

certificate.Verify(certificateKeyPair.PublicKey);

AsymmetricAlgorithm privateKey = GetPrivateKey((RsaPrivateCrtKeyParameters)cipherKeyPair.Private);

X509Certificate2 certificate2 = new X509Certificate2(DotNetUtilities.ToX509Certificate(certificate));

certificate2.PrivateKey = privateKey;

return certificate2;

}

#endregion

#region .cer 파일 저장하기 - SaveToCer(certificate, filePath)

/// <summary>

/// .cer 파일 저장하기

/// </summary>

/// <param name="certificate">인증서</param>

/// <param name="filePath">파일 경로</param>

public static void SaveToCer(X509Certificate2 certificate, string filePath)

{

byte[] byteArray = certificate.Export(X509ContentType.Cert);

File.WriteAllBytes(filePath, byteArray);

}

#endregion

#region .pfx 파일 저장하기 - SaveToPfx(certificate, filePath, password)

/// <summary>

/// .pfx 파일 저장하기

/// </summary>

/// <param name="certificate">인증서</param>

/// <param name="filePath">파일 경로</param>

/// <param name="password">패스워드</param>

public static void SaveToPfx(X509Certificate2 certificate, string filePath, string password = null)

{

byte[] byteArray = certificate.Export(X509ContentType.Pfx, password);

File.WriteAllBytes(filePath, byteArray);

}

#endregion

#region 저장하기 - Store(certificate, storeName, storeLocation)

/// <summary>

/// 저장하기

/// </summary>

/// <param name="certificate">인증서</param>

/// <param name="storeName">저장소명</param>

/// <param name="storeLocation">저장 위치</param>

public static void Store(X509Certificate2 certificate, StoreName storeName, StoreLocation storeLocation)

{

X509Store store = new X509Store(storeName, storeLocation);

store.Open(OpenFlags.ReadWrite);

store.Add(certificate);

store.Close();

}

#endregion

//////////////////////////////////////////////////////////////////////////////// Private

#region 개인 키 구하기 - GetPrivateKey(rsaPrivateCrtKeyParameters)

/// <summary>

/// 개인 키 구하기

/// </summary>

/// <param name="rsaPrivateCrtKeyParameters">RSA 개인 인증서 키 매개 변수</param>

/// <returns>개인 키</returns>

private static AsymmetricAlgorithm GetPrivateKey(RsaPrivateCrtKeyParameters rsaPrivateCrtKeyParameters)

{

CspParameters cspParameters = new CspParameters

{

KeyContainerName = Guid.NewGuid().ToString(),

KeyNumber = (int)KeyNumber.Exchange,

Flags = CspProviderFlags.UseMachineKeyStore

};

RSACryptoServiceProvider rsaCryptoServiceProvider = new RSACryptoServiceProvider(cspParameters);

RSAParameters rsaParameters = new RSAParameters

{

Modulus = rsaPrivateCrtKeyParameters.Modulus.ToByteArrayUnsigned(),

P = rsaPrivateCrtKeyParameters.P.ToByteArrayUnsigned(),

Q = rsaPrivateCrtKeyParameters.Q.ToByteArrayUnsigned(),

DP = rsaPrivateCrtKeyParameters.DP.ToByteArrayUnsigned(),

DQ = rsaPrivateCrtKeyParameters.DQ.ToByteArrayUnsigned(),

InverseQ = rsaPrivateCrtKeyParameters.QInv.ToByteArrayUnsigned(),

D = rsaPrivateCrtKeyParameters.Exponent.ToByteArrayUnsigned(),

Exponent = rsaPrivateCrtKeyParameters.PublicExponent.ToByteArrayUnsigned()

};

rsaCryptoServiceProvider.ImportParameters(rsaParameters);

return rsaCryptoServiceProvider;

}

#endregion

}

※ 관리자 모드에서 실행해야

[C#/ASP.NET MVC/.NETCORE] dotnet dev-certs https 명령 : 개발 인증서 신뢰하기

■ dotnet dev-certs https 명령을 사용해 개발 인증서를 신뢰하는 방법을 보여준다. 1. [명령 프롬프트]를 실행한다. 2. [명령 프롬프트]에서 아래 명령을 실행한다. ▶

[C#/COMMON] 인증서 설치하기

■ 인증서를 설치하는 방법을 보여준다. ▶ Program.cs


using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;

namespace TestProject
{
    /// <summary>
    /// 프로그램
    /// </summary>
    class Program
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Static
        //////////////////////////////////////////////////////////////////////////////// Private

        #region 프로그램 시작하기 - Main(argumentArray)

        /// <summary>
        /// 프로그램 시작하기
        /// </summary>
        /// <param name="argumentArray">인자 배열</param>
        private static void Main(string[] argumentArray)
        {
            if(argumentArray == null || argumentArray.Length < 1)
            {
                Console.WriteLine("프로그램 인자로 인증서 파일(.cer) 경로를 지정해 주시기 바랍니다.");

                return;
            }

            string filePath = argumentArray[0];

            if(!File.Exists(filePath))
            {
                Console.WriteLine("지정한 파일 경로에 파일이 존재하지 않습니다.");

                return;
            }

            try
            {
                InstallCertificate(StoreLocation.LocalMachine, StoreName.Root            , filePath);
                InstallCertificate(StoreLocation.LocalMachine, StoreName.TrustedPublisher, filePath);

                Console.WriteLine("인증서가 설치되었습니다 : {0}", filePath);
            }
            catch(Exception exception)
            {
                Console.WriteLine("인증서 설치시 에러가 발생했습니다.");
                Console.WriteLine(exception.ToString());
            }
        }

        #endregion

        #region 인증서 설치하기 - InstallCertificate(storeLocation, storeName, filePath)

        /// <summary>
        /// 인증서 설치하기
        /// </summary>
        /// <param name="storeLocation">저장 위치</param>
        /// <param name="storeName">저장명</param>
        /// <param name="filePath">파일 경로</param>
        private static void InstallCertificate(StoreLocation storeLocation, StoreName storeName, string filePath)
        {
            X509Store store = new X509Store(storeName, storeLocation);

            store.Open(OpenFlags.ReadWrite);

            store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(filePath)));

            store.Close();
        }

        #endregion
    }
}

using System;

using System.IO;

using System.Security.Cryptography.X509Certificates;

namespace TestProject

{

/// <summary>

/// 프로그램

/// </summary>

class Program

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Static

//////////////////////////////////////////////////////////////////////////////// Private

#region 프로그램 시작하기 - Main(argumentArray)

/// <summary>

/// 프로그램 시작하기

/// </summary>

/// <param name="argumentArray">인자 배열</param>

private static void Main(string[] argumentArray)

{

if(argumentArray == null || argumentArray.Length < 1)

{

Console.WriteLine("프로그램 인자로 인증서 파일(.cer) 경로를 지정해 주시기 바랍니다.");

return;

}

string filePath = argumentArray[0];

if(!File.Exists(filePath))

{

Console.WriteLine("지정한 파일 경로에 파일이 존재하지 않습니다.");

return;

}

try

{

InstallCertificate(StoreLocation.LocalMachine, StoreName.Root , filePath);

InstallCertificate(StoreLocation.LocalMachine, StoreName.TrustedPublisher, filePath);

Console.WriteLine("인증서가 설치되었습니다 : {0}", filePath);

}

catch(Exception exception)

{

Console.WriteLine("인증서 설치시 에러가 발생했습니다.");

Console.WriteLine(exception.ToString());

}

#endregion

#region 인증서 설치하기 - InstallCertificate(storeLocation, storeName, filePath)

/// <summary>

/// 인증서 설치하기

/// </summary>

/// <param name="storeLocation">저장 위치</param>

/// <param name="storeName">저장명</param>

/// <param name="filePath">파일 경로</param>

private static void InstallCertificate(StoreLocation storeLocation, StoreName storeName, string filePath)

{

X509Store store = new X509Store(storeName, storeLocation);

store.Open(OpenFlags.ReadWrite);

store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(filePath)));

store.Close();

}

#endregion

}

※ 관리자 권한으로 실행해야 한다. TestProject.zip

[C#/COMMON] 인증서 요청 코드 생성하기

■ 인증서 요청 코드를 생성하는 방법을 보여준다. ▶ Program.cs


using System;
using System.Security.Cryptography.X509Certificates;

using CERTENROLLLib;

namespace TestProject
{
    /// <summary>
    /// 프로그램
    /// </summary>
    class Program
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Static
        //////////////////////////////////////////////////////////////////////////////// Private

        #region 프로그램 시작하기 - Main()

        /// <summary>
        /// 프로그램 시작하기
        /// </summary>
        private static void Main()
        {
            Console.Title = "인증서 요청 코드 생성하기";

            string result = Generate("CN=the10", StoreLocation.CurrentUser, "Microsoft RSA SChannel Cryptographic Provider", 1024);

            Console.WriteLine(result);
        }

        #endregion

        #region 생성하기 - Generate(subject, storeLocation, providerName, keyLength)

        /// <summary>
        /// 생성하기
        /// </summary>
        /// <param name="subject">제목</param>
        /// <param name="storeLocation">저장 위치</param>
        /// <param name="providerName">제공자명</param>
        /// <param name="keyLength">키 길이</param>
        /// <returns>인증서 요청 코드</returns>
        private static string Generate(string subject, StoreLocation storeLocation, string providerName, int keyLength)
        {
            CX509CertificateRequestPkcs10 cX509CertificateRequestPkcs10 = new CX509CertificateRequestPkcs10();

            CX509PrivateKey cX509PrivateKey = new CX509PrivateKey();

            CCspInformation cCspInformation = new CCspInformation();

            CCspInformations cCspInformations = new CCspInformations();

            CX500DistinguishedName cX500DistinguishedName = new CX500DistinguishedName();

            CX509Enrollment cX509Enrollment = new CX509Enrollment();

            CObjectIds cObjectIds = new CObjectIds();

            CObjectId cObjectId1 = new CObjectId();
            CObjectId cObjectId2 = new CObjectId();

            CX509ExtensionKeyUsage cX509ExtensionKeyUsage = new CX509ExtensionKeyUsage();

            CX509ExtensionEnhancedKeyUsage cX509ExtensionEnhancedKeyUsage = new CX509ExtensionEnhancedKeyUsage();

            string result = null;

            cCspInformations.AddAvailableCsps();

            cX509PrivateKey.ProviderName = providerName;
            cX509PrivateKey.Length       = keyLength;
            cX509PrivateKey.KeySpec      = X509KeySpec.XCN_AT_KEYEXCHANGE;
            cX509PrivateKey.KeyUsage     = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;

            if(storeLocation == StoreLocation.LocalMachine)
            {
                cX509PrivateKey.MachineContext = true;
            }
            else
            {
                cX509PrivateKey.MachineContext = false;
            }

            cX509PrivateKey.ExportPolicy    = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;
            cX509PrivateKey.CspInformations = cCspInformations;

            cX509PrivateKey.Create();

            if(storeLocation == StoreLocation.LocalMachine)
            {
                cX509CertificateRequestPkcs10.InitializeFromPrivateKey
                (
                    X509CertificateEnrollmentContext.ContextMachine,
                    cX509PrivateKey,
                    string.Empty
                );
            }
            else
            {
                cX509CertificateRequestPkcs10.InitializeFromPrivateKey
                (
                    X509CertificateEnrollmentContext.ContextUser,
                    cX509PrivateKey,
                    string.Empty
                );
            }

            CObjectId hashCObjectId = new CObjectId();

            hashCObjectId.InitializeFromAlgorithmName
            (
                ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID,
                ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY,
                AlgorithmFlags.AlgorithmFlagsNone,
                "SHA256"
            );

            cX509CertificateRequestPkcs10.HashAlgorithm = hashCObjectId;

            cX509ExtensionKeyUsage.InitializeEncode
            (
                CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |
                CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE
            );

            cX509CertificateRequestPkcs10.X509Extensions.Add((CX509Extension)cX509ExtensionKeyUsage);

            cObjectId1.InitializeFromValue("1.3.6.1.5.5.7.3.1");
            cObjectId2.InitializeFromValue("1.3.6.1.5.5.7.3.2");

            cObjectIds.Add(cObjectId1);
            cObjectIds.Add(cObjectId2);

            cX509ExtensionEnhancedKeyUsage.InitializeEncode(cObjectIds);

            cX509CertificateRequestPkcs10.X509Extensions.Add((CX509Extension)cX509ExtensionEnhancedKeyUsage);

            cX500DistinguishedName.Encode(subject, X500NameFlags.XCN_CERT_NAME_STR_SEMICOLON_FLAG);

            cX509CertificateRequestPkcs10.Subject = cX500DistinguishedName;

            cX509CertificateRequestPkcs10.SuppressDefaults = true;

            cX509Enrollment.InitializeFromRequest(cX509CertificateRequestPkcs10);

            result = cX509Enrollment.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);

            result = "-----BEGIN CERTIFICATE REQUEST-----\r\n" + result + "-----END CERTIFICATE REQUEST-----";

            return result;
        }

        #endregion
    }
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

using System;

using System.Security.Cryptography.X509Certificates;

using CERTENROLLLib;

namespace TestProject

{

/// <summary>

/// 프로그램

/// </summary>

class Program

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Static

//////////////////////////////////////////////////////////////////////////////// Private

#region 프로그램 시작하기 - Main()

/// <summary>

/// 프로그램 시작하기

/// </summary>

private static void Main()

{

Console.Title = "인증서 요청 코드 생성하기";

string result = Generate("CN=the10", StoreLocation.CurrentUser, "Microsoft RSA SChannel Cryptographic Provider", 1024);

Console.WriteLine(result);

}

#endregion

#region 생성하기 - Generate(subject, storeLocation, providerName, keyLength)

/// <summary>

/// 생성하기

/// </summary>

/// <param name="subject">제목</param>

/// <param name="storeLocation">저장 위치</param>

/// <param name="providerName">제공자명</param>

/// <param name="keyLength">키 길이</param>

/// <returns>인증서 요청 코드</returns>

private static string Generate(string subject, StoreLocation storeLocation, string providerName, int keyLength)

{

CX509CertificateRequestPkcs10 cX509CertificateRequestPkcs10 = new CX509CertificateRequestPkcs10();

CX509PrivateKey cX509PrivateKey = new CX509PrivateKey();

CCspInformation cCspInformation = new CCspInformation();

CCspInformations cCspInformations = new CCspInformations();

CX500DistinguishedName cX500DistinguishedName = new CX500DistinguishedName();

CX509Enrollment cX509Enrollment = new CX509Enrollment();

CObjectIds cObjectIds = new CObjectIds();

CObjectId cObjectId1 = new CObjectId();

CObjectId cObjectId2 = new CObjectId();

CX509ExtensionKeyUsage cX509ExtensionKeyUsage = new CX509ExtensionKeyUsage();

CX509ExtensionEnhancedKeyUsage cX509ExtensionEnhancedKeyUsage = new CX509ExtensionEnhancedKeyUsage();

string result = null;

cCspInformations.AddAvailableCsps();

cX509PrivateKey.ProviderName = providerName;

cX509PrivateKey.Length = keyLength;

cX509PrivateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;

cX509PrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;

if(storeLocation == StoreLocation.LocalMachine)

{

cX509PrivateKey.MachineContext = true;

}

else

{

cX509PrivateKey.MachineContext = false;

}

cX509PrivateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;

cX509PrivateKey.CspInformations = cCspInformations;

cX509PrivateKey.Create();

if(storeLocation == StoreLocation.LocalMachine)

{

cX509CertificateRequestPkcs10.InitializeFromPrivateKey

(

X509CertificateEnrollmentContext.ContextMachine,

cX509PrivateKey,

string.Empty

);

}

else

{

cX509CertificateRequestPkcs10.InitializeFromPrivateKey

(

X509CertificateEnrollmentContext.ContextUser,

cX509PrivateKey,

string.Empty

);

}

CObjectId hashCObjectId = new CObjectId();

hashCObjectId.InitializeFromAlgorithmName

(

ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID,

ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY,

AlgorithmFlags.AlgorithmFlagsNone,

"SHA256"

);

cX509CertificateRequestPkcs10.HashAlgorithm = hashCObjectId;

cX509ExtensionKeyUsage.InitializeEncode

(

CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |

CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE

);

cX509CertificateRequestPkcs10.X509Extensions.Add((CX509Extension)cX509ExtensionKeyUsage);

cObjectId1.InitializeFromValue("1.3.6.1.5.5.7.3.1");

cObjectId2.InitializeFromValue("1.3.6.1.5.5.7.3.2");

cObjectIds.Add(cObjectId1);

cObjectIds.Add(cObjectId2);

cX509ExtensionEnhancedKeyUsage.InitializeEncode(cObjectIds);

cX509CertificateRequestPkcs10.X509Extensions.Add((CX509Extension)cX509ExtensionEnhancedKeyUsage);

cX500DistinguishedName.Encode(subject, X500NameFlags.XCN_CERT_NAME_STR_SEMICOLON_FLAG);

cX509CertificateRequestPkcs10.Subject = cX500DistinguishedName;

cX509CertificateRequestPkcs10.SuppressDefaults = true;

cX509Enrollment.InitializeFromRequest(cX509CertificateRequestPkcs10);

result = cX509Enrollment.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);

result = "-----BEGIN CERTIFICATE REQUEST-----\r\n" + result + "-----END CERTIFICATE REQUEST-----";

return result;

}

#endregion

}

※ "CertEnroll 1.0 Type Library" COM 참조를 추가한다. TestProject.zip

[C#/COMMON] 윈도우즈 인증서 저장소명 나열하기

■ 윈도우즈 인증서 저장소명을 나열하는 방법을 보여준다. ▶ 예제 코드 (C#)


using System;
using System.Security.Cryptography.X509Certificates;

foreach(StoreName storeName in Enum.GetValues(typeof(StoreName)))
{
    X509Store store = new X509Store(storeName);

    store.Open(OpenFlags.ReadOnly);

    Console.WriteLine(store.Name);
}

using System;

using System.Security.Cryptography.X509Certificates;

foreach(StoreName storeName in Enum.GetValues(typeof(StoreName)))

{

X509Store store = new X509Store(storeName);

store.Open(OpenFlags.ReadOnly);

Console.WriteLine(store.Name);

}

[C#/WCF] WCF 인증서 인증하기

■ WCF 인증서를 인증하는 방법을 보여준다. [TestServer 프로젝트] ▶ ISimpleService.cs


using System.ServiceModel;

namespace TestServer
{
    /// <summary>
    /// 단순 서비스 인터페이스
    /// </summary>
    [ServiceContract]
    public interface ISimpleService
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method

        #region 사용자명 구하기 - GetUserName()

        /// <summary>
        /// 사용자명 구하기
        /// </summary>
        /// <returns>사용자명</returns>
        [OperationContract]
        string GetUserName();

        #endregion
    }
}

using System.ServiceModel;

namespace TestServer

{

/// <summary>

/// 단순 서비스 인터페이스

/// </summary>

[ServiceContract]

public interface ISimpleService

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

#region 사용자명 구하기 - GetUserName()

/// <summary>

/// 사용자명 구하기

/// </summary>

/// <returns>사용자명</returns>

[OperationContract]

string GetUserName();

#endregion

}

▶ SimpleService.cs


using System;
using System.ServiceModel;

namespace TestServer
{
    /// <summary>
    /// 단순 서비스
    /// </summary>
    public class SimpleService : ISimpleService
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 사용자명 구하기 - GetUserName()

        /// <summary>
        /// 사용자명 구하기
        /// </summary>
        /// <returns>사용자명</returns>
        public string GetUserName()
        {
            bool   isAuthenticated    = ServiceSecurityContext.Current.PrimaryIdentity.IsAuthenticated;
            string authenticationType = ServiceSecurityContext.Current.PrimaryIdentity.AuthenticationType;
            string userName           = ServiceSecurityContext.Current.PrimaryIdentity.Name;

            Console.WriteLine("인증 여부 : {0}", isAuthenticated   );
            Console.WriteLine("인증 타입 : {0}", authenticationType);
            Console.WriteLine("사용자명  : {0}", userName          );

            return userName;
        }

        #endregion
    }
}

using System;

using System.ServiceModel;

namespace TestServer

{

/// <summary>

/// 단순 서비스

/// </summary>

public class SimpleService : ISimpleService

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 사용자명 구하기 - GetUserName()

/// <summary>

/// 사용자명 구하기

/// </summary>

/// <returns>사용자명</returns>

public string GetUserName()

{

bool isAuthenticated = ServiceSecurityContext.Current.PrimaryIdentity.IsAuthenticated;

string authenticationType = ServiceSecurityContext.Current.PrimaryIdentity.AuthenticationType;

string userName = ServiceSecurityContext.Current.PrimaryIdentity.Name;

Console.WriteLine("인증 여부 : {0}", isAuthenticated );

Console.WriteLine("인증 타입 : {0}", authenticationType);

Console.WriteLine("사용자명 : {0}", userName );

return userName;

}

#endregion

}

▶ Program.cs


using System.ServiceModel;
using System;

namespace TestServer
{
    /// <summary>
    /// 프로그램
    /// </summary>
    class Program
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Static
        //////////////////////////////////////////////////////////////////////////////// Private

        #region 프로그램 시작하기 - Main()

        /// <summary>
        /// 프로그램 시작하기
        /// </summary>
        private static void Main()
        {
            using(ServiceHost serviceHost = new ServiceHost(typeof(SimpleService)))
            {
                serviceHost.Open();

                Console.WriteLine("서버가 시작되었습니다 : " + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"));

                Console.ReadKey(true);
            }
        }

        #endregion
    }
}

using System.ServiceModel;

using System;

namespace TestServer

{

/// <summary>

/// 프로그램

/// </summary>

class Program

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Static

//////////////////////////////////////////////////////////////////////////////// Private

#region 프로그램 시작하기 - Main()

/// <summary>

/// 프로그램 시작하기

/// </summary>

private static void Main()

{

using(ServiceHost serviceHost = new ServiceHost(typeof(SimpleService)))

{

serviceHost.Open();

Console.WriteLine("서버가 시작되었습니다 : " + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"));

Console.ReadKey(true);

}

#endregion

}

▶ App.config


<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <behaviors>
            <serviceBehaviors>
                <behavior name="mexBehavior">
                    <serviceMetadata httpGetEnabled="true" />
                    <serviceCredentials>
                        <clientCertificate>
                            <authentication certificateValidationMode="PeerTrust" />
                        </clientCertificate>
                        <serviceCertificate
                            findValue="WCFServer"
                            storeLocation="CurrentUser"
                            storeName="My"
                            x509FindType="FindBySubjectName" />
                    </serviceCredentials>
                </behavior>
            </serviceBehaviors>
        </behaviors>
        <bindings>
            <wsHttpBinding>
                <binding name="wsHttp">
                    <security mode="Message">
                        <message clientCredentialType="Certificate" />
                    </security>
                </binding>
            </wsHttpBinding>
            <netTcpBinding>
                <binding name="netTcp">
                    <security mode="Message">
                        <message clientCredentialType="Certificate" />
                    </security>
                </binding>
            </netTcpBinding>
        </bindings>
        <services>
            <service name="TestServer.SimpleService" behaviorConfiguration="mexBehavior">
                <endpoint
                    address="SimpleService"
                    binding="wsHttpBinding"
                    bindingConfiguration="wsHttp"
                    contract="TestServer.ISimpleService" />
                <endpoint
                    address="SimpleService"
                    binding="netTcpBinding"
                    bindingConfiguration="netTcp"
                    contract="TestServer.ISimpleService" />
                <host>
                    <baseAddresses>
                        <add baseAddress="http://localhost:8080" />
                        <add baseAddress="net.tcp://localhost:8090" />
                    </baseAddresses>
                </host>
            </service>
        </services>
    </system.serviceModel>
</configuration>

<?xml version="1.0" encoding="utf-8" ?>

<system.serviceModel>

</clientCertificate>

<serviceCertificate

findValue="WCFServer"

storeLocation="CurrentUser"

storeName="My"

x509FindType="FindBySubjectName" />

</serviceCredentials>

</behavior>

</serviceBehaviors>

</behaviors>

</security>

</binding>

</wsHttpBinding>

</security>

</binding>

</netTcpBinding>

</bindings>

<endpoint

address="SimpleService"

binding="wsHttpBinding"

bindingConfiguration="wsHttp"

contract="TestServer.ISimpleService" />

<endpoint

address="SimpleService"

binding="netTcpBinding"

bindingConfiguration="netTcp"

contract="TestServer.ISimpleService" />

<host>

</baseAddresses>

</host>

</service>

</services>

</system.serviceModel>

</configuration>

[TestClient 프로젝트]

[C#/WCF] WCF 테스트 인증서 생성하기

■ WCF 테스트 인증서를 생성하는 방법을 보여준다. 1. [명령 프롬프트]에서 아래 명령을 실행한다. ▶ 실행 명령


makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=WCFServer -sky exchange -pe
makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=WCFClient -sky exchange -pe

makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=WCFServer -sky exchange -pe

makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=WCFClient -sky exchange -pe

2. [명령 프롬프트]에서 아래 명령을