python - 使用新密钥对更新证书

问题描述

我想使用 initializefromcertificate 创建 CX509CertificateRequestPkcs 并且我想使用 X509RequestInheritOptions.InheritNewSimilarkey 在原始证书'密钥对存在的地方生成新的密钥对但是我收到错误 CertEnroll::CX509CertificateRequestPkcs7::InitializeFromCertificate: The requested property value is empty。0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)" 这是我的代码

X509Store store = new X509Store(StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
foreach (X509Certificate2 c in store.Certificates)
{
    var cert2 = c.Subject;
    if (cert2.Contains("CN=test"))
    {
        var objPkcs72 = new CX509CertificateRequestPkcs7();
        string strCertificate = Convert.ToBase64String(c.RawData);
        var inheritOptions = X509RequestInheritOptions.InheritNewSimilarKey ;
        objPkcs72.InitializeFromCertificate(X509CertificateEnrollmentContext.ContextUser, false, strCertificate, EncodingType.XCN_CRYPT_STRING_BASE64, inheritOptions);
        ISignerCertificate signer = new CSignerCertificate();
        CERTENROLLLib.CSignerCertificate signer2 = new CERTENROLLLib.CSignerCertificate();
        signer2.Initialize(false, X509PrivateKeyVerify.VerifyAllowUI, EncodingType.XCN_CRYPT_STRING_BASE64, strCertificate);
        objPkcs72.SignerCertificate = signer2;
        string c2 = "";
        objEnroll.InitializeFromRequest(objPkcs72);
        var message2 = objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
        var iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, message2, templateName, CAAddress);
        string c3 = objCertRequest.GetCertificate(CR_IN_BASE64 | CR_IN_FORMATANY);
        X509Certificate2 cert = new X509Certificate2(LoadFromCertBase64String(c2));
        objEnroll.InstallResponse(InstallResponseRestrictionFlags.AllowNone, c3, EncodingType.XCN_CRYPT_STRING_BASE64, "");
    }
}

标签： pythonx509certificatex509certificate2certenroll