public static X509Certificate2 GenerateCACertificate(
string subjectName, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(
BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
certificateGenerator.SetSubjectAndIssuer(subjectName);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Generate KeyPair
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var keyPair = keyPairGenerator.GenerateKeyPair();
// Generate Signature Factory
ISignatureFactory sigFact = new Asn1SignatureFactory(
SignatureAlgorithm, keyPair.Private);
// Set extensions
certificateGenerator.AddExtension(
X509Extensions.BasicConstraints,
true,
new BasicConstraints(true));
var ski = new SubjectKeyIdentifier(
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
keyPair.Public));
certificateGenerator.AddExtension(
X509Extensions.SubjectKeyIdentifier, false, ski);
// Add Public Key
certificateGenerator.SetPublicKey(keyPair.Public);
// Generating the BC Certificate
var certificate = certificateGenerator.Generate(sigFact);
// Add Private key (and convert to X509Certificate2)
var x509 = GenerateX509WithPrivateKey(
keyPair, certificate);
return(x509);
}
