PRB: X509Certificate Supports Only DER-Encoded Certificates

Retired KB Content Disclaimer

This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

This article refers to the following Microsoft .NET Framework Class Library namespaces:
  • System.IO
  • System.Security.Cryptography.X509Certificates
  • System.Text

Symptoms

When you use the System.Security.Cryptography.X509Certificates.X509Certificate class, you may receive the following error message:
Input data cannot be coded as a valid certificate.
This problem occurs if one of the following conditions is true:
  • You use the X509Certificate constructor and pass it an array of bytes that are read from a Base64-encoded X.509 (.cer) file.
    -or-
  • You use the X509Certificate.CreateFromCertFile method and pass in the path to a Base64-encoded X.509 (.cer) file.

Cause

This problem occurs because the X509Certificate class only supports binary X.509 (.cer) certificates that are encoded in Distinguished Encoding Rules (DER).

Resolution

If the certificate is Base64-encoded, follow these steps to resolve this problem:
  1. Remove the following strings from the certificate data:

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  2. Decode the Base64 certificate data. For example, the following Visual C# sample code decodes Base64 certificate data:
    using System;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    namespace ReadBase64Cert
    {
        public class ReadBase64Cert
        {
            public ReadBase64Cert()
            {
            }

            public static void Main(string[] args)
            {
                if (args.Length < 1)
                {
                    Console.WriteLine("Usage: Base64EncodedFile (.cer)\n");
                    return;
                }

                // args[0] - Base64Encoded .cer file

                // Open the certificate, and read it into a byte array.
                FileStream certFile = new FileStream(args[0],
                                                     FileMode.Open,
                                                     FileAccess.Read);
                int size = (int)certFile.Length;
                byte[] certBytes = new byte[size];
                size = certFile.Read(certBytes, 0, size);
                certFile.Close();

                // Remove the unnecessary characters.
                String certString = Encoding.ASCII.GetString(certBytes);
                StringBuilder sb = new StringBuilder(certString);
                sb.Replace("-----BEGIN CERTIFICATE-----", "");
                sb.Replace("-----END CERTIFICATE-----", "");

                // Decode the bytes from base64 to raw bytes.
                certBytes = Convert.FromBase64String(sb.ToString());
                X509Certificate cert = new X509Certificate(certBytes);
                Console.WriteLine(cert.GetName());
            }
        }
    }
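
A loader that accepts either encoding, as an added example that is not part of the original article. It goes beyond the steps above: DER input is passed through unchanged, and only the text between the markers is decoded, so extra text outside the markers does not break the Base64 decode. CertLoader and ToDer are hypothetical names, the sample bytes are constructed, and File.ReadAllBytes and the Subject property assume .NET Framework 2.0 or later.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example, not from the original article. CertLoader and ToDer are hypothetical names.
public static class CertLoader
{
    const string Begin = "-----BEGIN CERTIFICATE-----";
    const string End = "-----END CERTIFICATE-----";

    // Returns DER bytes for input that is raw DER, armored Base64, or bare Base64.
    public static byte[] ToDer(byte[] input)
    {
        if (input == null || input.Length == 0)
            throw new ArgumentException("Empty certificate data.");
        string text = Encoding.ASCII.GetString(input);
        int start = text.IndexOf(Begin, StringComparison.Ordinal);
        if (start >= 0)
        {
            start += Begin.Length;
            int end = text.IndexOf(End, start, StringComparison.Ordinal);
            if (end < 0)
                throw new FormatException("BEGIN marker without END marker.");
            // Decode only what lies between the markers; text outside the armor
            // is ignored, and FromBase64String skips white space and line breaks.
            return Convert.FromBase64String(text.Substring(start, end - start));
        }
        // No armor. A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
        if (input[0] == 0x30)
            return input;
        // Otherwise treat the whole input as Base64 without markers.
        return Convert.FromBase64String(text.Trim());
    }

    public static void Main(string[] args)
    {
        if (args.Length >= 1)
        {
            // args[0] - certificate file in either encoding
            X509Certificate cert = new X509Certificate(ToDer(File.ReadAllBytes(args[0])));
            Console.WriteLine(cert.Subject);
            return;
        }
        // Constructed sample: a 5-byte DER SEQUENCE (not a real certificate), armored.
        byte[] der = { 0x30, 0x03, 0x02, 0x01, 0x05 };
        string pem = "Bag Attributes: none\r\n" + Begin + "\r\n"
            + Convert.ToBase64String(der) + "\r\n" + End + "\r\n";
        byte[] fromPem = ToDer(Encoding.ASCII.GetBytes(pem));
        Console.WriteLine(BitConverter.ToString(fromPem) == BitConverter.ToString(ToDer(der)));
    }
}
```

Run without arguments, it checks the constructed sample; run with a file path, it prints the subject of the certificate in that file.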

Status

This behavior is by design.

Properties

Article ID: 318217 - Last Review: Oct 20, 2003 - Revision: 1
