X509Certificate2.CreateFromPemFile(String, String) 方法


從 RFC 7468 PEM 編碼憑證與私密金鑰的檔案內容建立新的 X509 憑證。Creates a new X509 certificate from the file contents of an RFC 7468 PEM-encoded certificate and private key.

public static System.Security.Cryptography.X509Certificates.X509Certificate2 CreateFromPemFile (string certPemFilePath, string? keyPemFilePath = default);
static member CreateFromPemFile : string * string -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Shared Function CreateFromPemFile (certPemFilePath As String, Optional keyPemFilePath As String = Nothing) As X509Certificate2



PEM 編碼 X509 憑證的路徑。The path for the PEM-encoded X509 certificate.


若指定,則為 PEM 編碼私密金鑰的路徑。If specified, the path for the PEM-encoded private key. 若未指定,將會使用 certPemFilePath 檔案來載入私密金鑰。If unspecified, the certPemFilePath file will be used to load the private key.



含私密金鑰的新憑證。A new certificate with the private key.


certPemFilePath 中檔案路徑的內容並不包含 PEM 編碼憑證,或其格式不正確。The contents of the file path in certPemFilePath do not contain a PEM-encoded certificate, or it is malformed.


keyPemFilePath 的檔案路徑內容並不包含 PEM 編碼私密金鑰,或其格式不正確。The contents of the file path in keyPemFilePath do not contain a PEM-encoded private key, or it is malformed.


keyPemFilePath 的檔案路徑內容包含不符合憑證中公開金鑰的金鑰。The contents of the file path in keyPemFilePath contains a key that does not match the public key in the certificate.


憑證使用未知的公開金鑰演算法。The certificate uses an unknown public key algorithm.

certPemFilePathnullcertPemFilePath is null.


ReadAllText(String)如需可擲回之例外狀況的其他檔,請參閱。See ReadAllText(String) for additional documentation about exceptions that can be thrown.

來自憑證的 SubjectPublicKeyInfo 可決定要為私密金鑰接受哪些 PEM 標籤。The SubjectPublicKeyInfo from the certificate determines what PEM labels are accepted for the private key. 針對 RSA 憑證,接受的私密金鑰 PEM 標籤為「RSA 私密金鑰」和「私密金鑰」。For RSA certificates, accepted private key PEM labels are "RSA PRIVATE KEY" and "PRIVATE KEY". 對於 ECDSA 憑證,接受的私密金鑰 PEM 標籤是 "EC 私密金鑰" 和 "私密金鑰"。For ECDSA certificates, accepted private key PEM labels are "EC PRIVATE KEY" and "PRIVATE KEY". 若為 DSA 憑證,接受的私密金鑰 PEM 標籤為「私密金鑰」。For DSA certificates, the accepted private key PEM label is "PRIVATE KEY".

會忽略具有不同標籤的 PEM 編碼專案。PEM-encoded items that have a different label are ignored.

結合 PEM 編碼的憑證和金鑰不需要特定的順序。Combined PEM-encoded certificates and keys do not require a specific order. 對於憑證,會載入具有憑證標籤的第一個憑證。For the certificate, the the first certificate with a CERTIFICATE label is loaded. 針對私密金鑰,會載入具有可接受標籤的第一個私密金鑰。For the private key, the first private key with an acceptable label is loaded. 載入憑證和私密金鑰的更先進案例可以利用 PemEncoding 來列舉 PEM 編碼的值,並套用任何自訂載入行為。More advanced scenarios for loading certificates and private keys can leverage PemEncoding to enumerate PEM-encoded values and apply any custom loading behavior.

針對受密碼保護的 PEM 編碼金鑰,請使用 CreateFromEncryptedPemFile(String, ReadOnlySpan<Char>, String) 來指定密碼。For password protected PEM-encoded keys, use CreateFromEncryptedPemFile(String, ReadOnlySpan<Char>, String) to specify a password.