public X509Certificate2 CreateSelfSignedCertificate(SelfSignedCertProperties properties)
        {
            ThrowIfDisposedOrNotOpen();

            GenerateKeyExchangeKey(properties.IsPrivateKeyExportable, properties.KeyBitLength);
            //GenerateSignatureKey(properties.IsPrivateKeyExportable, properties.KeyBitLength);

            byte[]   asnName       = properties.Name.RawData;
            GCHandle asnNameHandle = GCHandle.Alloc(asnName, GCHandleType.Pinned);

            var kpi = new Win32Native.CryptKeyProviderInformation
            {
                ContainerName = this.ContainerName,
                KeySpec       = (int)KeyType.Exchange,
                ProviderType  = 1, // default RSA provider
            };

            IntPtr certContext = Win32Native.CertCreateSelfSignCertificate(
                handle,
                new Win32Native.CryptoApiBlob(asnName.Length, asnNameHandle.AddrOfPinnedObject()),
                0, kpi, IntPtr.Zero,
                ToSystemTime(properties.ValidFrom),
                ToSystemTime(properties.ValidTo),
                IntPtr.Zero);

            asnNameHandle.Free();

            if (IntPtr.Zero == certContext)
            {
                Win32ErrorHelper.ThrowExceptionIfGetLastErrorIsNotZero();
            }

            X509Certificate2 cert = new X509Certificate2(certContext); // dups the context (increasing it's refcount)

            if (!Win32Native.CertFreeCertificateContext(certContext))
            {
                Win32ErrorHelper.ThrowExceptionIfGetLastErrorIsNotZero();
            }

            return(cert);
        }
        public X509Certificate2 CreateSelfSignedCertificate(SelfSignedCertProperties properties)
        {
            ThrowIfDisposedOrNotOpen();

            GenerateKeyExchangeKey(properties.IsPrivateKeyExportable, properties.KeyBitLength);
            //GenerateSignatureKey(properties.IsPrivateKeyExportable, properties.KeyBitLength);

            byte[] asnName = properties.Name.RawData;
            GCHandle asnNameHandle = GCHandle.Alloc(asnName, GCHandleType.Pinned);

            var kpi = new Win32Native.CryptKeyProviderInformation
            {
                ContainerName = this.ContainerName,
                KeySpec = (int)KeyType.Exchange,
                ProviderType = 1, // default RSA provider
            };

            IntPtr certContext = Win32Native.CertCreateSelfSignCertificate(
                    handle,
                    new Win32Native.CryptoApiBlob(asnName.Length, asnNameHandle.AddrOfPinnedObject()),
                    0, kpi, IntPtr.Zero,
                    ToSystemTime(properties.ValidFrom),
                    ToSystemTime(properties.ValidTo),
                    IntPtr.Zero);

            asnNameHandle.Free();

            if (IntPtr.Zero == certContext)
                Win32ErrorHelper.ThrowExceptionIfGetLastErrorIsNotZero();

            X509Certificate2 cert = new X509Certificate2(certContext); // dups the context (increasing it's refcount)

            if (!Win32Native.CertFreeCertificateContext(certContext))
                Win32ErrorHelper.ThrowExceptionIfGetLastErrorIsNotZero();

            return cert;
        }