c# - 在 .Net Framework 中创建的 IOS 自签名证书不可信

问题描述

我尝试创建 c# 代码以直接从本地网络中的调试服务器创建 .pfx 文件。

我已经阅读了这篇文章，并且 Iphone X 可以将证书添加到信任列表中......

好吧，现在我尝试直接从 C# 编写 .pfx 文件。

      private X509Certificate2 buildSelfSignedServerCertificate(string CertificateName) {
     SubjectAlternativeNameBuilder sanBuilder = new SubjectAlternativeNameBuilder();
     sanBuilder.AddIpAddress(IPAddress.Loopback);
     sanBuilder.AddIpAddress(IPAddress.IPv6Loopback);
     sanBuilder.AddDnsName("localhost");
     sanBuilder.AddDnsName(Environment.MachineName);

     X500DistinguishedName distinguishedName = new X500DistinguishedName($"CN={CertificateName}");

     using (RSA rsa = RSA.Create(2048)) {
        var request = new CertificateRequest(distinguishedName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        request.CertificateExtensions.Add(
            new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, false));

        request.CertificateExtensions.Add(
           new X509EnhancedKeyUsageExtension(
               new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));

       // My new line to add BasicConstraints read in previous link :(
       request.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, false));

       request.CertificateExtensions.Add(sanBuilder.Build());

        var certificate = request.CreateSelfSigned(new DateTimeOffset(DateTime.UtcNow.AddDays(-1)), new DateTimeOffset(DateTime.UtcNow.AddDays(3650)));
        certificate.FriendlyName = CertificateName;

        return new X509Certificate2(certificate.Export(X509ContentType.Pfx, "WeNeedASaf3rPassword"), "WeNeedASaf3rPassword", X509KeyStorageFlags.Exportable);
     }
  }

当我在 ios 中导入证书时，它已被验证，但我在受信任列表中看不到它...

标签： c#winformsssl-certificatex509certificate2pfx