/// <summary>
/// Generate a self-signed CA certificate
/// </summary>
/// <param name="subject">The X500 subject string</param>
/// <param name="rsaKeySize">The size of the RSA key to generate</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns>An X509Certificate2 object containing the full certificate</returns>
public static X509Certificate2 GenerateCACert(string subject, int rsaKeySize, CertificateHashAlgorithm hashAlgorithm)
{
X509ExtensionCollection exts = new X509ExtensionCollection();
DateTime dt = DateTime.Now.AddYears(-1);
exts.Add(new X509BasicConstraintsExtension(true, false, 0, false));
return(CertificateBuilder.CreateCert(null, new X500DistinguishedName(subject),
null, rsaKeySize, hashAlgorithm, dt, dt.AddYears(10), exts));
}
/// <summary>
/// Take an existing certificate, clone its details and resign with a new root CA
/// </summary>
/// <param name="toClone">The certificate to clone</param>
/// <param name="rootCert">The root CA certificate to sign with</param>
/// <param name="newSerial">True to generate a new serial for this certificate</param>
/// <param name="rsaKeySize">The size of the RSA key to generate</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns></returns>
public static X509Certificate2 CloneAndSignCertificate(X509Certificate toClone, X509Certificate2 rootCert, bool newSerial, int rsaKeySize, CertificateHashAlgorithm hashAlgorithm)
{
X509Certificate2 cert2 = new X509Certificate2(toClone.Export(X509ContentType.Cert));
X509ExtensionCollection extensions = new X509ExtensionCollection();
foreach (var ext in cert2.Extensions)
{
// Remove CRL distribution locations and authority information, they tend to break SSL negotiation
if ((ext.Oid.Value != szOID_CRL_DISTRIBUTION) && (ext.Oid.Value != szOID_AUTHORITY_INFO))
{
extensions.Add(ext);
}
}
return(CertificateBuilder.CreateCert(rootCert, cert2.SubjectName, newSerial ? null : cert2.GetSerialNumber(),
rsaKeySize, hashAlgorithm, cert2.NotBefore, cert2.NotAfter, extensions));
}
/// <summary>
/// Generate a self signed certificate including a private key
/// </summary>
/// <param name="subject">The X500 subject string</param>
/// <param name="rsaKeySize">Specify the RSA key size in bits</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns>An X509Certificate2 object containing the full certificate</returns>
public static X509Certificate2 GenerateSelfSignedCert(string subject, int rsaKeySize, CertificateHashAlgorithm hashAlgorithm)
{
DateTime dt = DateTime.Now;
return(CertificateBuilder.CreateCert(null, new X500DistinguishedName(subject), null, rsaKeySize, hashAlgorithm, dt, dt.AddYears(10), null));
}
/// <summary>
/// Create a new certificate
/// </summary>
/// <param name="issuer">Issuer certificate, if null then self-sign</param>
/// <param name="subjectName">Subject name</param>
/// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param>
/// <param name="signature">If true create an AT_SIGNATURE key, otherwise AT_EXCHANGE</param>
/// <param name="keySize">Size of RSA key</param>
/// <param name="hashAlgorithm">The hash algorithm for the certificate</param>
/// <param name="notBefore">Start date of certificate</param>
/// <param name="notAfter">End date of certificate</param>
/// <param name="extensions">Array of extensions, if null then no extensions</param>
/// <returns>The created X509 certificate</returns>
public static X509Certificate2 CreateCert(X509Certificate2 issuer, X500DistinguishedName subjectName,
byte[] serialNumber, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore, DateTime notAfter, X509ExtensionCollection extensions)
{
return(CertificateBuilder.CreateCert(issuer, subjectName, serialNumber, keySize, hashAlgorithm, notBefore, notAfter, extensions));
}
