SSL/TSL -查找证书时的问题

Question

我正在测试下面的链接中给出的例子。

https://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx

为了生成证书，我使用的是带有40个用户答案的SSLStream example - how do I get certificates that work?

要运行我正在使用的命令SslTcpServer.exe TempCert.cer的服务器

下面是我遇到问题的msdn的代码。

public static int Main(string[] args)
        {
            string serverCertificateName = null;
            string machineName = null;
            if (args == null ||args.Length <1 )
            {
                DisplayUsage();
            }
            // User can specify the machine name and server name.
            // Server name must match the name on the server's certificate. 
            machineName = args[0];
            if (args.Length <2 )
            {
                serverCertificateName = machineName;
            }
            else 
            {
                serverCertificateName = args[1];
            }
            SslTcpClient.RunClient (machineName, serverCertificateName);
            return 0;
        }

当调用System.Security.Cryptography.CryptographicException：：X509Certificate.CreateFromCertFile‘系统找不到指定的文件时，我得到下面的错误。

public static void RunServer(string certificate)
        {
            serverCertificate = X509Certificate.CreateFromCertFile(certificate);
            // Create a TCP/IP (IPv4) socket and listen for incoming connections.
            //serverCertificate = new X509Certificate2(certificate,"");
   }

serverCertificateName是作为参数传递的，它应该只是证书的名称，还是应该给出证书的完整路径？

如果我给出证书的路径，它是工作的fine.Then，那么在存储中安装证书有什么意义？我怎样才能从商店买到它并使用它呢？

Answer 1

以下代码将返回已安装证书支持的主机名的列表(这比您希望的要多一点，但应该会为您指明正确的方向)：

        System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine);
        store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadOnly);
        HashSet<string> certificateNames = new HashSet<string>();
        foreach (System.Security.Cryptography.X509Certificates.X509Certificate2 mCert in store.Certificates)
        {
            // is this a UCC certificate?
            System.Security.Cryptography.X509Certificates.X509Extension uccSan = mCert.Extensions["2.5.29.17"];
            if (uccSan != null)
            {
                foreach (string nvp in uccSan.Format(true).Split(new string[] { Environment.NewLine }, StringSplitOptions.RemoveEmptyEntries))
                {
                    string[] parts = nvp.Split('=');
                    string name = parts[0];
                    string value = (parts.Length > 0) ? parts[1] : null;
                    if (String.Equals(name, "DNS Name", StringComparison.InvariantCultureIgnoreCase))
                    {
                        certificateNames.Add(value.ToLowerInvariant());
                    }
                }
            }
            else // just a regular certificate--add the single name
            {
                string certificateHost = mCert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
                certificateNames.Add(certificateHost.ToLowerInvariant());
            }
        }
        return certificateNames;