/// <summary>
/// Asks the PKI service for renewed encryption and signing certificates and writes the
/// result into the client-issued slots of <paramref name="store"/>.
/// </summary>
/// <param name="client">PKI client that sends the renewal request.</param>
/// <param name="store">Store the current certificates are read from and the renewed ones are saved to.</param>
/// <returns>
/// The renewal response from the service, or <c>null</c> when <c>CheckForError</c> returns false.
/// </returns>
private static RenewCertificateResponse RenewCertificates(PKIClient client, CertStore store)
{
    // All four certificates are read up front, before the renewal call is made.
    var currentEncryption   = store.GetCertificate(CertStore.Certificiates.ClientIssuedEncryption);
    var currentSigning      = store.GetCertificate(CertStore.Certificiates.ClientIssuedSigning);
    var generatedEncryption = store.GetCertificate(CertStore.Certificiates.ClientGeneratedEncryption);
    var generatedSigning    = store.GetCertificate(CertStore.Certificiates.ClientGeneratedSigning);

    // Renewal issues a fresh pair of certificates; the previous pair is NOT revoked,
    // so it remains usable until it expires or is revoked separately.
    var result = client.RenewCertificate(currentSigning, currentEncryption, KeyGeneratorTypeType.software);

    if (!CheckForError(result))
    {
        return null;
    }

    var renewal = result.Response.RenewCertificateResponse;

    // Build certificate objects from what the server returned.
    // NOTE(review): nothing in this method validates the returned certificates (chain,
    // subject, validity) before they are stored; confirm that RenewCertificate or
    // CheckForError covers this.
    var renewedEncryption = new X509Certificate2(renewal.EncryptionCert);
    var renewedSigning    = new X509Certificate2(renewal.SigningCert);

    // Pair each returned certificate with the private key of the matching client-generated
    // certificate so certificate and key can be stored together.
    // NOTE(review): no check here that the public key in the returned certificate belongs
    // to the private key being attached; a mismatch would be stored silently.
    renewedEncryption.PrivateKey = generatedEncryption.PrivateKey;
    renewedSigning.PrivateKey    = generatedSigning.PrivateKey;

    // Persist the renewed certificates in the client-issued slots that were read above.
    // Export is called without a password, so the PKCS#12 data handed to the store is not
    // password-protected; protection of the private keys at rest depends entirely on
    // CertStore (not visible here). The previous certificates are not backed up first.
    var encryptionPkcs12 = renewedEncryption.Export(X509ContentType.Pkcs12);
    store.SetCertificate(CertStore.Certificiates.ClientIssuedEncryption, encryptionPkcs12);

    var signingPkcs12 = renewedSigning.Export(X509ContentType.Pkcs12);
    store.SetCertificate(CertStore.Certificiates.ClientIssuedSigning, signingPkcs12);

    return renewal;
}
        /// <summary>
        /// Renews the client's own encryption and signing certificates, keeps a backup copy of
        /// the certificates being replaced, and stores the renewed ones in the client-issued slots.
        /// Progress is written to the console.
        /// </summary>
        /// <returns>
        /// The renewal response from the service. When <c>CheckForError</c> returns false,
        /// <c>exitProgram</c> is called with the parsed return code and <c>null</c> is returned
        /// if that call comes back.
        /// </returns>
        private static RenewCertificateResponse RenewCertificates()
        {
            Console.WriteLine("Renewing own certificates ...");

            var currentEncryption = CertStore.GetCertificate(CertStore.Certificiates.ClientIssuedEncryption);
            var currentSigning    = CertStore.GetCertificate(CertStore.Certificiates.ClientIssuedSigning);

            // Renewal issues a fresh pair of certificates; the previous pair is NOT revoked,
            // so it remains usable until it expires or is revoked separately.
            var result = PKIClient.RenewCertificate(currentSigning, currentEncryption, KeyGeneratorTypeType.software);

            if (!CheckForError(result))
            {
                // The service return code becomes the exit code; int.Parse throws if the
                // code is not a plain integer string.
                exitProgram(int.Parse(result.Error.ReturnCode));
                return null;
            }

            // Keep the certificates that are about to be replaced.
            // Export is called without a password, so these PKCS#12 backups are not
            // password-protected, and because the old certificates are not revoked the
            // backups stay valid credentials; protection at rest depends on CertStore.
            var encryptionBackup = currentEncryption.Export(X509ContentType.Pkcs12);
            CertStore.SetCertificate(CertStore.Certificiates.BackupClientIssuedEncryption, encryptionBackup);

            var signingBackup = currentSigning.Export(X509ContentType.Pkcs12);
            CertStore.SetCertificate(CertStore.Certificiates.BackupClientIssuedSigning, signingBackup);

            var renewal = result.Response.RenewCertificateResponse;

            // Build certificate objects from what the server returned.
            // NOTE(review): nothing in this method validates the returned certificates (chain,
            // subject, validity) before they are stored; confirm that RenewCertificate or
            // CheckForError covers this.
            var renewedEncryption = new X509Certificate2(renewal.EncryptionCert);
            var renewedSigning    = new X509Certificate2(renewal.SigningCert);

            // Attach the private keys of the certificates being replaced so certificate and
            // key can be stored together.
            // NOTE(review): this pairs the new certificates with the old private keys, which
            // is only correct if renewal re-certifies the existing key pairs; no check here
            // that the returned public keys match. Confirm against PKIClient.RenewCertificate.
            renewedEncryption.PrivateKey = currentEncryption.PrivateKey;
            renewedSigning.PrivateKey    = currentSigning.PrivateKey;

            // Persist the renewed certificates in the client-issued slots (again exported
            // to PKCS#12 without a password).
            var encryptionPkcs12 = renewedEncryption.Export(X509ContentType.Pkcs12);
            CertStore.SetCertificate(CertStore.Certificiates.ClientIssuedEncryption, encryptionPkcs12);

            var signingPkcs12 = renewedSigning.Export(X509ContentType.Pkcs12);
            CertStore.SetCertificate(CertStore.Certificiates.ClientIssuedSigning, signingPkcs12);

            Console.WriteLine("  Renewal was successful.");

            return renewal;
        }