/// <summary>
/// Asks the PKI service to renew the client's issued signing and encryption
/// certificates, binds the returned certificates to the private keys of the
/// client-generated certificates held in <paramref name="store"/>, and writes
/// the result over the ClientIssued* entries of that store.
/// </summary>
/// <param name="client">PKI client the renewal request is sent through.</param>
/// <param name="store">Store the current certificates are read from and the renewed ones are written to.</param>
/// <returns>
/// The renewal response, or <c>null</c> when <c>CheckForError</c> returns false for the reply.
/// </returns>
/// <remarks>
/// The ClientIssued* entries are replaced in place; this overload keeps no copy of
/// the certificates it overwrites.
/// </remarks>
private static RenewCertificateResponse RenewCertificates(PKIClient client, CertStore store)
{
    var currentEncryption = store.GetCertificate(CertStore.Certificiates.ClientIssuedEncryption);
    var currentSigning = store.GetCertificate(CertStore.Certificiates.ClientIssuedSigning);
    var generatedEncryption = store.GetCertificate(CertStore.Certificiates.ClientGeneratedEncryption);
    var generatedSigning = store.GetCertificate(CertStore.Certificiates.ClientGeneratedSigning);

    // Renewal issues a new certificate pair; the old certificates are not revoked by it.
    var reply = client.RenewCertificate(currentSigning, currentEncryption, KeyGeneratorTypeType.software);
    if (!CheckForError(reply))
    {
        return null;
    }

    // The reply carries only the certificates, so wrap them before attaching keys.
    var renewal = reply.Response.RenewCertificateResponse;
    var renewedEncryption = new X509Certificate2(renewal.EncryptionCert);
    var renewedSigning = new X509Certificate2(renewal.SigningCert);

    // Attach the locally held private keys so certificate and key can be stored together.
    // NOTE(review): this method does not check that each returned certificate's public key
    // corresponds to the private key attached to it - confirm that is verified elsewhere.
    renewedEncryption.PrivateKey = generatedEncryption.PrivateKey;
    renewedSigning.PrivateKey = generatedSigning.PrivateKey;

    // Export(X509ContentType.Pkcs12) is the overload without a password, so the PKCS#12
    // blob handed to the store has no password protection of its own.
    // NOTE(review): confirm that CertStore protects what it persists.
    store.SetCertificate(
        CertStore.Certificiates.ClientIssuedEncryption,
        renewedEncryption.Export(X509ContentType.Pkcs12));
    store.SetCertificate(
        CertStore.Certificiates.ClientIssuedSigning,
        renewedSigning.Export(X509ContentType.Pkcs12));

    return renewal;
}
/// <summary>
/// Renews the client's issued signing and encryption certificates through
/// <c>PKIClient</c>, copies the certificates being replaced to the
/// BackupClientIssued* entries of <c>CertStore</c>, and stores the renewed
/// certificates, bound to the private keys of the certificates they replace,
/// in the ClientIssued* entries. Progress is written to the console.
/// </summary>
/// <returns>
/// The renewal response. When <c>CheckForError</c> returns false for the reply,
/// <c>exitProgram</c> is called with the parsed return code and <c>null</c> is
/// returned if that call comes back.
/// </returns>
private static RenewCertificateResponse RenewCertificates()
{
    Console.WriteLine("Renewing own certificates ...");

    var previousEncryption = CertStore.GetCertificate(CertStore.Certificiates.ClientIssuedEncryption);
    var previousSigning = CertStore.GetCertificate(CertStore.Certificiates.ClientIssuedSigning);

    // Renewal issues a new certificate pair; the old certificates are not revoked by it.
    var reply = PKIClient.RenewCertificate(previousSigning, previousEncryption, KeyGeneratorTypeType.software);
    if (!CheckForError(reply))
    {
        // Int32.Parse throws if ReturnCode is not a parseable integer, which would
        // replace the service error with a parsing exception.
        exitProgram(Int32.Parse(reply.Error.ReturnCode));
        return null;
    }

    // Keep a copy of the certificates that are about to be overwritten.
    // Export(X509ContentType.Pkcs12) is the overload without a password, so these
    // PKCS#12 blobs (and the ones written below) have no password protection of their own.
    // NOTE(review): confirm that CertStore protects what it persists.
    CertStore.SetCertificate(
        CertStore.Certificiates.BackupClientIssuedEncryption,
        previousEncryption.Export(X509ContentType.Pkcs12));
    CertStore.SetCertificate(
        CertStore.Certificiates.BackupClientIssuedSigning,
        previousSigning.Export(X509ContentType.Pkcs12));

    // The reply carries only the certificates, so wrap them before attaching keys.
    var renewal = reply.Response.RenewCertificateResponse;
    var renewedEncryption = new X509Certificate2(renewal.EncryptionCert);
    var renewedSigning = new X509Certificate2(renewal.SigningCert);

    // The renewed certificates are paired with the private keys of the certificates
    // they replace, so certificate and key can be stored together.
    // NOTE(review): this assumes renewal was issued for the same key pairs; nothing here
    // checks that the returned public keys match the attached private keys - confirm.
    renewedEncryption.PrivateKey = previousEncryption.PrivateKey;
    renewedSigning.PrivateKey = previousSigning.PrivateKey;

    // Replace the active entries with the renewed certificates.
    CertStore.SetCertificate(
        CertStore.Certificiates.ClientIssuedEncryption,
        renewedEncryption.Export(X509ContentType.Pkcs12));
    CertStore.SetCertificate(
        CertStore.Certificiates.ClientIssuedSigning,
        renewedSigning.Export(X509ContentType.Pkcs12));

    Console.WriteLine(" Renewal was successful.");
    return renewal;
}