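/// <summary>
        /// Creates a QWAC certificate on the fly, issued by a root CA certificate that is created for this call.
        /// </summary>
        /// <param name="request">Subject fields, NCA authorization details, PSD2 roles and validity in days for the certificate.</param>
        /// <param name="privateKey">Receives the RSA private key of the new certificate; the returned certificate carries the same key.</param>
        /// <returns>The new certificate combined with its private key.</returns>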
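        public X509Certificate2 CreateQWACs(Psd2CertificateRequest request, out RSA privateKey)
        {
            // Fail with a named argument instead of a NullReferenceException on the first property read.
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            // Validity starts one day in the past and ends ValidityInDays from now.
            // NOTE(review): the back-dating presumably absorbs clock skew between hosts; confirm.
            var notBefore = DateTimeOffset.UtcNow.AddDays(-1);
            var notAfter  = DateTimeOffset.UtcNow.AddDays(request.ValidityInDays);

            // The NCA identifier is used twice: as the subject's organizationIdentifier and inside the PSD2 statement.
            var authorizationNumber = new NCAId(request.CountryCode, request.AuthorityId, request.AuthorizationNumber);
            var subject = new SubjectBuilder().AddCommonName(request.CommonName)
                          .AddOrganization(request.Organization, request.OrganizationUnit)
                          .AddLocation(request.CountryCode, request.State, request.City)
                          .AddOrganizationIdentifier(authorizationNumber.ToString())
                          .Build();

            // PSD2 roles are copied one-to-one from the request; nothing here checks them against an authority.
            var psd2Type = new Psd2CertificateAttributes()
            {
                AuthorityName         = request.AuthorityName,
                AuthorizationNumber   = authorizationNumber,
                HasAccountInformation = request.Roles.Aisp,
                HasPaymentInitiation  = request.Roles.Pisp,
                HasIssuingOfCardBasedPaymentInstruments = request.Roles.Piisp,
                HasAccountServicing = request.Roles.Aspsp,
            };

            // The statement is marked non-critical, so a validator that does not recognise it may ignore it.
            var extensions = new List<X509Extension>
            {
                new QualifiedCertificateStatementsExtension(psd2Type, critical: false),
            };

            // A new issuing CA is created for every call and is never handed to the caller, so the
            // returned certificate cannot be chained to an issuer the caller holds. The issuer and the
            // key-less intermediate certificate are disposed here instead of being left to the finalizer.
            // NOTE(review): assumes CreateCertificate keeps no reference to the issuer after signing; confirm.
            using (var issuer = CreateRootCACertificate())
            using (var issued = CreateCertificate(issuer, subject, extensions, notBefore, notAfter, out privateKey))
            {
                var qwac = issued.CopyWithPrivateKey(privateKey);

                // FriendlyName is only settable on Windows. It is set on the returned instance so the
                // label does not depend on CopyWithPrivateKey carrying store properties over.
                if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                {
                    qwac.FriendlyName = "Qualified website authentication certificate QWAC";
                }

                // The caller now owns both the certificate and the RSA key returned through the out parameter.
                return qwac;
            }
        }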
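        /// <summary>
        /// Creates a Certification Authority certificate on the fly with made-up data in the subject. Use this as the issuing certificate for other self-signed certificates.
        /// </summary>
        /// <param name="diagnostics">Optional diagnostics object; this method does not read it.</param>
        /// <returns>The self-signed CA certificate, valid from two days ago until five years from now.</returns>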
        public X509Certificate2 CreateRootCACertificate(DiagnosticInformation diagnostics = null)
        {
            // NOTE(review): diagnostics is accepted but never read in this method.

            // Validity window: two days in the past up to five years ahead.
            var validFrom  = DateTimeOffset.UtcNow.AddDays(-2);
            var validUntil = DateTimeOffset.UtcNow.AddYears(5);

            // Fixed, made-up subject: this CA identifies no real organisation.
            var caSubject = new SubjectBuilder()
                            .AddLocation("GR", "Attiki", "Athens")
                            .AddOrganization("Authority CA", "IT")
                            .AddCommonName("Authority CA Domain Name")
                            .AddEmail("*****@*****.**")
                            .Build();

            // Critical basic constraints mark the certificate as a CA. No path length limit is set,
            // so the 0 passed alongside is not applied.
            // NOTE(review): no key-usage extension is added here; confirm whether
            // CreateSelfSignedCertificate supplies one.
            var caExtensions = new List<X509Extension>
            {
                new X509BasicConstraintsExtension(
                    certificateAuthority: true,
                    hasPathLengthConstraint: false,
                    pathLengthConstraint: 0,
                    critical: true),
            };

            var rootCa = CreateSelfSignedCertificate(caSubject, caExtensions, validFrom, validUntil);

            // FriendlyName is only assigned on Windows; elsewhere the certificate is returned as created.
            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            {
                return rootCa;
            }

            rootCa.FriendlyName = "Root CA";
            return rootCa;
        }