/// <summary>
/// Generates a self-signed certificate with a specified <paramref name="issuerName"/> and <paramref name="subjectName"/>.
/// </summary>
/// <param name="subjectName">The subject name of the self-signed certificate.</param>
/// <param name="issuerName">The issuer name of the self-signed certificate.</param>
/// <exception cref="ArgumentException">When the <paramref name="subjectName"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException">When the <paramref name="issuerName"/> is <c>null</c>.</exception>
public static X509Certificate2 CreateWithIssuerAndSubjectName(string issuerName, string subjectName)
{
Guard.NotNullOrWhitespace(subjectName, nameof(subjectName), "Subject name should not be blank");
Guard.NotNullOrWhitespace(issuerName, nameof(issuerName), "Issuer name should not be blank");
issuerName = issuerName.StartsWith("CN=") ? issuerName : "CN=" + issuerName;
subjectName = subjectName.StartsWith("CN=") ? subjectName : "CN=" + subjectName;
SecureRandom random = GetSecureRandom();
AsymmetricCipherKeyPair subjectKeyPair = GenerateKeyPair(random, 2048);
BigInteger serialNumber = GenerateSerialNumber(random);
using (X509Certificate2 issuerCert = GenerateCA(issuerName))
{
AsymmetricCipherKeyPair issuerKeyPair = DotNetUtilities.GetKeyPair(issuerCert.PrivateKey);
var issuerSerialNumber = new BigInteger(issuerCert.GetSerialNumber());
var certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.AddIssuer(issuerName, issuerKeyPair, issuerSerialNumber);
certificateGenerator.SetSubjectDN(new X509Name(subjectName));
certificateGenerator.SetNotBefore(DateTime.UtcNow.Date);
certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddYears(30));
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
certificateGenerator.SetSerialNumber(serialNumber);
certificateGenerator.AddSubjectKeyIdentifier(subjectKeyPair);
certificateGenerator.AddBasicConstraints(isCertificateAuthority: false);
X509Certificate certificate = certificateGenerator.GenerateCertificateAsn1(issuerKeyPair, random);
X509Certificate2 convertCertificate = ConvertCertificate(certificate, subjectKeyPair, random);
return(convertCertificate);
}
}
private static X509Certificate2 GenerateCA(string subjectName)
{
SecureRandom random = GetSecureRandom();
AsymmetricCipherKeyPair subjectKeyPair = GenerateKeyPair(random, 2048);
BigInteger serialNumber = GenerateSerialNumber(random);
var certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.AddIssuer(subjectName, subjectKeyPair, serialNumber);
certificateGenerator.SetSubjectDN(new X509Name(subjectName));
certificateGenerator.SetNotBefore(DateTime.UtcNow.Date);
certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddYears(30));
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
certificateGenerator.SetSerialNumber(serialNumber);
certificateGenerator.AddSubjectKeyIdentifier(subjectKeyPair);
certificateGenerator.AddBasicConstraints(isCertificateAuthority: true);
X509Certificate certificate = certificateGenerator.GenerateCertificateAsn1(subjectKeyPair, random);
return(ConvertCertificate(certificate, subjectKeyPair, random));
}
