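/// <summary>
/// Generates a certificate for <paramref name="subjectName"/> that is signed by a freshly generated,
/// throw-away certificate authority named <paramref name="issuerName"/>.
/// </summary>
/// <remarks>
/// The returned certificate is not self-signed in the strict sense: it is signed with the key pair of an
/// issuer certificate created by <c>GenerateCA</c>, and that issuer certificate is disposed before this
/// method returns. Every call creates a new issuer key pair, so two certificates produced with the same
/// <paramref name="issuerName"/> do not share an issuer key and cannot be validated against a common,
/// pre-installed trust anchor. The certificate is valid for 30 years starting at the current UTC date.
/// </remarks>
/// <param name="issuerName">The issuer name of the certificate; <c>CN=</c> is prepended when missing.</param>
/// <param name="subjectName">The subject name of the certificate; <c>CN=</c> is prepended when missing.</param>
/// <exception cref="ArgumentException">
///     When the <paramref name="issuerName"/> or the <paramref name="subjectName"/> is <c>null</c> or blank.
/// </exception>
public static X509Certificate2 CreateWithIssuerAndSubjectName(string issuerName, string subjectName)
{
    Guard.NotNullOrWhitespace(subjectName, nameof(subjectName), "Subject name should not be blank");
    Guard.NotNullOrWhitespace(issuerName, nameof(issuerName), "Issuer name should not be blank");

    // Distinguished-name prefixes are protocol text, not linguistic text: compare ordinally so the
    // result does not depend on the current culture.
    issuerName = issuerName.StartsWith("CN=", StringComparison.Ordinal) ? issuerName : "CN=" + issuerName;
    subjectName = subjectName.StartsWith("CN=", StringComparison.Ordinal) ? subjectName : "CN=" + subjectName;

    SecureRandom random = GetSecureRandom();
    // presumably a 2048-bit key strength; verify against GenerateKeyPair
    AsymmetricCipherKeyPair subjectKeyPair = GenerateKeyPair(random, 2048);
    BigInteger serialNumber = GenerateSerialNumber(random);

    // The issuer certificate (and with it the only handle on the issuer's private key) lives
    // for the duration of this block only.
    using (X509Certificate2 issuerCert = GenerateCA(issuerName))
    {
        // Relies on the issuer certificate carrying its private key.
        AsymmetricCipherKeyPair issuerKeyPair = DotNetUtilities.GetKeyPair(issuerCert.PrivateKey);

        // NOTE(review): X509Certificate2.GetSerialNumber() returns the bytes in little-endian order while
        // BouncyCastle's BigInteger(byte[]) reads a big-endian two's-complement value; confirm that the
        // number handed to AddIssuer matches the serial number of the issuer certificate.
        var issuerSerialNumber = new BigInteger(issuerCert.GetSerialNumber());

        // Read the clock once so both ends of the validity window derive from the same date.
        DateTime notBefore = DateTime.UtcNow.Date;

        var certificateGenerator = new X509V3CertificateGenerator();
        certificateGenerator.AddIssuer(issuerName, issuerKeyPair, issuerSerialNumber);
        certificateGenerator.SetSubjectDN(new X509Name(subjectName));
        certificateGenerator.SetNotBefore(notBefore);
        certificateGenerator.SetNotAfter(notBefore.AddYears(30));
        certificateGenerator.SetPublicKey(subjectKeyPair.Public);
        certificateGenerator.SetSerialNumber(serialNumber);
        certificateGenerator.AddSubjectKeyIdentifier(subjectKeyPair);
        // End-entity certificate: it must not be usable to sign further certificates.
        certificateGenerator.AddBasicConstraints(isCertificateAuthority: false);

        // Signed with the issuer's key pair, not with the subject's own key pair.
        X509Certificate certificate = certificateGenerator.GenerateCertificateAsn1(issuerKeyPair, random);

        // presumably attaches the subject's private key to the .NET certificate; verify against ConvertCertificate
        return ConvertCertificate(certificate, subjectKeyPair, random);
    }
}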
/// <summary>
/// Creates a certificate authority certificate for <paramref name="subjectName"/> that is signed with its own,
/// newly generated key pair and is valid for 30 years starting at the current UTC date.
/// </summary>
/// <param name="subjectName">The name used both as issuer and as subject of the authority certificate.</param>
/// <returns>The authority certificate; the caller is responsible for disposing it.</returns>
private static X509Certificate2 GenerateCA(string subjectName)
{
    SecureRandom secureRandom = GetSecureRandom();
    // presumably a 2048-bit key strength; verify against GenerateKeyPair
    AsymmetricCipherKeyPair caKeyPair = GenerateKeyPair(secureRandom, 2048);
    BigInteger caSerialNumber = GenerateSerialNumber(secureRandom);

    X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

    // Issuer and subject are the same name and the same key pair: the authority vouches for itself.
    generator.AddIssuer(subjectName, caKeyPair, caSerialNumber);
    generator.SetSubjectDN(new X509Name(subjectName));

    generator.SetNotBefore(DateTime.UtcNow.Date);
    generator.SetNotAfter(DateTime.UtcNow.Date.AddYears(30));

    generator.SetPublicKey(caKeyPair.Public);
    generator.SetSerialNumber(caSerialNumber);
    generator.AddSubjectKeyIdentifier(caKeyPair);

    // Marked as a certificate authority so it may act as the issuer of other certificates.
    generator.AddBasicConstraints(isCertificateAuthority: true);

    X509Certificate bouncyCastleCertificate = generator.GenerateCertificateAsn1(caKeyPair, secureRandom);

    // presumably attaches the private key to the .NET certificate; verify against ConvertCertificate
    X509Certificate2 caCertificate = ConvertCertificate(bouncyCastleCertificate, caKeyPair, secureRandom);
    return caCertificate;
}