//------   Since we are using an RSA with nonpersisted keycontainer, must pass it in to ensure it isn't colledted  -----
        private static byte[] GetPkcs12(RSA rsa, String keycontainer, String cspprovider, uint KEYSPEC, uint cspflags)
        {
            byte[] pfxblob	= null;
              IntPtr hCertCntxt	= IntPtr.Zero;

              String DN = "CN=Opensslkey Unsigned Certificate";

            hCertCntxt =  CreateUnsignedCertCntxt(keycontainer, cspprovider, KEYSPEC, cspflags, DN) ;
            if(hCertCntxt == IntPtr.Zero){
            Console.WriteLine("Couldn't create an unsigned-cert\n") ;
            return null;
            }
             try{
            X509Certificate cert = new X509Certificate(hCertCntxt) ;	//create certificate object from cert context.
            X509Certificate2UI.DisplayCertificate(new X509Certificate2(cert)) ;	// display it, showing linked private key
            SecureString pswd = GetSecPswd("Set PFX Password ==>") ;
            pfxblob = cert.Export(X509ContentType.Pkcs12, pswd);
              }

             catch(Exception exc)
             {
            Console.WriteLine( "BAD RESULT" + exc.Message);
            pfxblob = null;
             }

            rsa.Clear() ;
            if(hCertCntxt != IntPtr.Zero)
            Win32.CertFreeCertificateContext(hCertCntxt) ;
              return pfxblob;
        }