public async Task <IActionResult> Sign(
            [FromServices] ICertificateAuthorityService certificateAuthorityService,
            [FromServices] RootAuthorityAppService rootAuthorityAppService,
            [FromServices] SystemContext adminDbContext,
            Guid certSysid)
        {
            var deviceCertificate = tenantContext.DeviceCertificates.SingleOrDefault(x => x.Sysid == certSysid);

            //var CommonName = "AgileLabs Root Certificate Authority";

            CertificateAuthority signCa = rootAuthorityAppService.GetDefaultRootCertificate();//agileLabsDbContext.CertificateAuthorities.FirstOrDefault(x => x.CommonName == CommonName);

            var rootCertificate = CertificateUtil.CreateX509Certificate2(Convert.FromBase64String(signCa.Certificate));

            var signCaKeyPair    = adminDbContext.KeyPairs.FirstOrDefault(x => x.Sysid == signCa.KeyPairSysid);
            var rootcaPrivateKey = CertificateUtil.ReadPrivateKey(signCaKeyPair.PrivateKey.ConvertBase64ToUTF8());

            var csr = CertificateUtil.PemRead <Pkcs10CertificationRequest>(deviceCertificate.SignRequest.ConvertBase64ToUTF8());

            var csrPublicKey = csr.GetPublicKey();

            var issuerNameList = rootCertificate.IssuerName.Name.Replace("S=", "ST=").Split(", ");
            var x509Name       = new X509Name(string.Join(", ", issuerNameList.Reverse().ToList()));
            var certificate    = certificateAuthorityService.SignCertificate(csr, x509Name, rootcaPrivateKey.Private);

            deviceCertificate.Certificate = CertificateUtil.ExportToByte(certificate, X509ContentType.Cert).ConvertToBase64String();
            tenantContext.Update(deviceCertificate);
            await tenantContext.SaveChangesAsync();

            return(RedirectToAction(nameof(Index)));
        }