Example #1
        /// <summary>
        /// Builds a root certificate whose issuer is set to the builder's own subject and returns it,
        /// together with its private key, as a PFX blob protected with <c>Password</c>.
        /// </summary>
        /// <remarks>
        /// The subject common name is "Test Authority MM/yyyy" (UTC month/year at the time of the call).
        /// Validity starts two hours before the current UTC time and ends five years after it.
        /// </remarks>
        /// <returns>The PFX bytes produced by <c>ConvertToPfx</c>.</returns>
        private byte[] GenerateRootCertificate()
        {
            const int keySizeInBits = 2048;

            var subjectName = $"Test Authority {DateTime.UtcNow:MM/yyyy}";

            // Back-date the start of validity by two hours; presumably to tolerate clock skew
            // between the issuing host and relying parties.
            var validFrom  = DateTimeOffset.UtcNow.AddHours(-2);
            var validUntil = DateTimeOffset.UtcNow.AddYears(5);

            // One random source feeds the builder, a second, separately generated one feeds key generation.
            var builderRandom = GenerateRandom();
            ICertificateBuilder rootBuilder = builderFactory(builderRandom);
            var rootKeys = CertificateBuilder2.GenerateKeyPair(keySizeInBits, GenerateRandom());

            // NOTE(review): the key-usage step below is commented out, so no key usage is requested
            // here. Confirm whether the CA certificate should carry an explicit key-usage extension
            // before this output is trusted outside of tests.
            CertificateWithKey rootCertificate =
                rootBuilder.WithSubjectCommonName(subjectName)
                           .WithKeyPair(rootKeys)
                           .SetNotAfter(validUntil)
                           .SetNotBefore(validFrom)
                           .WithBasicConstraints(BasicConstrainsConstants.CertificateAuthority)
                           //.WithKeyUsage()
                           .WithAuthorityKeyIdentifier(rootKeys)
                           .WithSubjectKeyIdentifier()
                           .SetIssuer(rootBuilder.Subject) // issuer == subject
                           .Generate();

            // The cast fails if the generated private key is not an RSA CRT key.
            var privateKey = (RsaPrivateCrtKeyParameters)rootKeys.Private;

            return ConvertToPfx(rootCertificate.Certificate, privateKey, Password);
        }
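        /// <summary>
        /// Issues an end-entity certificate for the requested common name, host names and IP addresses,
        /// signed with the key pair of <c>SignerCertificate</c>, and returns it with a freshly generated
        /// 2048-bit private key as a PFX blob protected with <c>request.Password</c>.
        /// </summary>
        /// <param name="request">
        /// Common name, subject alternative names, validity in days and PFX password for the new certificate.
        /// </param>
        /// <returns>The PFX bytes produced by <c>ConvertToPfx</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> is <c>null</c>.</exception>
        public byte[] GenerateSslCertificate(PfxCertificateRequest request)
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            // Back-date the start of validity by two hours; presumably to tolerate clock skew.
            DateTimeOffset notBefore = DateTimeOffset.UtcNow.AddHours(-2);

            // NOTE(review): ValidtyInDays is not range-checked here; a zero or negative value yields a
            // certificate that is already expired, and there is no upper bound on the lifetime.
            DateTimeOffset notAfter  = DateTimeOffset.UtcNow.AddDays(request.ValidtyInDays);
            SecureRandom   random    = randomService.GenerateRandom();

            CertificateBuilder2 builder = builderFactory(random, SignerCertificate);

            AsymmetricCipherKeyPair keyPair = CertificateBuilder2.GenerateKeyPair(2048, random);

            // The issuer of the new certificate must equal the signer's SUBJECT name. The signer's
            // issuer name only happens to match when the signer is self-signed; with an intermediate
            // signer it would name the signer's parent and relying parties could not build the chain.
            X509Name signerSubject = new X509CertificateParser().ReadCertificate(SignerCertificate.Certificate.RawData)
                                     .SubjectDN;

            // NOTE(review): request.CommonName, Hostnames and IpAddresses are passed to the builder as
            // received; any policy on which names may be issued has to be enforced by the caller.
            CertificateWithKey certificate = builder.WithSubjectCommonName(request.CommonName)
                                             .WithKeyPair(keyPair)
                                             .SetIssuer(signerSubject)
                                             .SetNotAfter(notAfter)
                                             .SetNotBefore(notBefore)
                                             .WithSubjectAlternativeName(request.Hostnames, request.IpAddresses)
                                             .WithBasicConstraints(BasicConstrainsConstants.EndEntity)
                                             .WithExtendedKeyUsage()
                                             .WithAuthorityKeyIdentifier(SignerCertificate.KeyPair)
                                             .Generate(SignerCertificate.KeyPair);

            // The PFX carries the private key; request.Password is what protects it at rest.
            return ConvertToPfx(certificate.Certificate, (RsaPrivateCrtKeyParameters)keyPair.Private, request.Password);
        }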