/// <summary>
/// Builds a PEM-framed PKCS#10 request in the current-user enrollment context.
/// </summary>
/// <returns>
/// ASCII bytes of the request, wrapped in "-----BEGIN CERTIFICATE REQUEST-----" /
/// "-----END CERTIFICATE REQUEST-----" lines.
/// </returns>
public byte[] GeneratePKCS10()
{
    IX509Enrollment2 enrollment = new CX509EnrollmentClass();
    enrollment.Initialize(X509CertificateEnrollmentContext.ContextUser);

    // CreateRequest() is called with its default encoding; the PEM framing is added by hand.
    // NOTE(review): no newline is inserted before the END line, so whether the footer lands on
    // its own line depends on the trailing output of CreateRequest() - confirm with a sample.
    string pem = string.Concat(
        "-----BEGIN CERTIFICATE REQUEST-----",
        Environment.NewLine,
        enrollment.CreateRequest(),
        "-----END CERTIFICATE REQUEST-----");

    return Encoding.ASCII.GetBytes(pem);
}
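/// <summary>
/// Click handler: for every request in <c>Certs</c> whose status is "certificate issued",
/// retrieves the issued certificate from the CA named in <c>txt_CAServer</c>, installs it in
/// the current-user store and writes a password-protected PFX next to the executable.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Routed event data (unused).</param>
private void btn_savepfx_Click(object sender, RoutedEventArgs e)
{
    // Disposition returned by RetrievePending() when the CA has issued the certificate.
    const int CR_DISP_ISSUED = 3;

    string passwd = txt_Pfxpasswd.Password;
    string caserver = txt_CAServer.Text;
    string dir = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);

    if (Certs.Count == 0)
    {
        MessageBox.Show("No Request(s) To Save");
        return;
    }

    foreach (Certificates c in Certs)
    {
        // Only requests the CA has reported as issued (a saved request carries a different status).
        if (c.Status != "certificate issued")
        {
            continue;
        }

        // The FQDN becomes the file name; reject anything that would escape "dir"
        // (path separators, drive letters, reserved characters) before touching the CA.
        string fileName = c.FQDN + ".pfx";
        if (fileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0
            || !string.Equals(Path.GetFileName(fileName), fileName, StringComparison.Ordinal))
        {
            MessageBox.Show("Invalid file name for request " + c.ID + ": " + fileName);
            continue;
        }

        var objCertRequest = new CCertRequest();
        var iDisposition = objCertRequest.RetrievePending(Convert.ToInt32(c.ID), caserver);
        if (Convert.ToInt32(iDisposition) != CR_DISP_ISSUED)
        {
            continue;
        }

        var cert = objCertRequest.GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN);

        CX509Enrollment objEnroll = new CX509EnrollmentClass();
        objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
        // AllowUntrustedRoot: the response is installed even if its root is not trusted.
        objEnroll.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            cert,
            EncodingType.XCN_CRYPT_STRING_BASE64,
            null);

        // NOTE(review): XCN_CRYPT_STRING_BASE64 yields base64 text, so the .pfx written here is
        // not binary PKCS#12 - confirm that is what consumers of the file expect.
        var fil = objEnroll.CreatePFX(
            passwd,
            PFXExportOptions.PFXExportChainWithRoot,
            EncodingType.XCN_CRYPT_STRING_BASE64);
        File.WriteAllText(Path.Combine(dir, fileName), fil);

        // Mark the request as saved only once the file exists; previously the status was
        // updated before CreatePFX, so a failure there left a "File Created!" entry with no file.
        c.Status = "File Created!";
    }
}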
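/// <summary>
/// Installs a base64 PEM certificate response into the current-user store and
/// returns it as an <see cref="X509Certificate2"/>.
/// </summary>
/// <param name="pResponse">The issued certificate, base64 with PEM header/footer.</param>
/// <returns>
/// The parsed certificate, or <c>null</c> if installation or parsing failed
/// (the failure is written to the event log).
/// </returns>
public X509Certificate2 ImportResponse(string pResponse)
{
    CX509Enrollment objEnroll = new CX509EnrollmentClass();
    try
    {
        objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
        // AllowUntrustedRoot: the response is installed even if its root is not in the trusted store.
        objEnroll.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            pResponse,
            EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
            null);

        return new X509Certificate2(Encoding.ASCII.GetBytes(pResponse));
    }
    catch (Exception ex)
    {
        // The log entry previously used "\n\r" (a reversed CRLF); use the platform newline instead.
        EventLogHelper.LogEvent(ex.Message + Environment.NewLine + ex.StackTrace);
        return null;
    }
}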
/// <summary>
/// Installs an issued certificate response (base64, no PEM header) into the
/// current-user certificate store.
/// </summary>
/// <param name="response">The base64-encoded certificate response.</param>
/// <returns>
/// <c>true</c> when installation succeeded; otherwise <c>false</c>, with the
/// exception message appended to <c>LastError</c>.
/// </returns>
public bool InstallCertificateResponse(string response)
{
    this.LastError.Clear();

    bool installed;
    try
    {
        var enrollment = new CX509EnrollmentClass();
        enrollment.Initialize(X509CertificateEnrollmentContext.ContextUser);
        // AllowUntrustedRoot: installs even when the chain's root is not trusted.
        enrollment.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            response,
            EncodingType.XCN_CRYPT_STRING_BASE64,
            null);
        installed = true;
    }
    catch (Exception ex)
    {
        this.LastError.Add(ex.Message);
        installed = false;
    }

    return installed;
}
/// <summary>
/// Installs an issued certificate (base64 with PEM header) into the machine store, copies the
/// installed certificate's metadata back into <paramref name="cert"/>, removes the site's old
/// certificate when this is a renewal, and adds the HTTPS binding.
/// </summary>
/// <param name="cert">
/// The certificate to install; updated in place. <c>Success</c> is set to <c>false</c> if any step fails.
/// </param>
/// <param name="website">The site that receives the binding.</param>
/// <returns>The same <paramref name="cert"/> instance.</returns>
public SSLCertificate InstallCertificate(SSLCertificate cert, WebSite website)
{
    CX509Enrollment enrollment = new CX509EnrollmentClass();
    try
    {
        enrollment.Initialize(X509CertificateEnrollmentContext.ContextMachine);
        // AllowUntrustedRoot: the response is installed even if its root is not trusted.
        enrollment.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            cert.Certificate,
            EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
            null);

        // Read back what the store recorded for the freshly installed certificate.
        // NOTE(review): Single() throws when more than one store certificate shares the friendly
        // name (e.g. the previous copy during a renewal) - confirm friendly names are unique here.
        SSLCertificate installed = GetServerCertificates()
            .Single(c => c.FriendlyName == cert.FriendlyName);
        cert.SerialNumber = installed.SerialNumber;
        cert.ValidFrom = installed.ValidFrom;
        cert.ExpiryDate = installed.ExpiryDate;
        cert.Hash = installed.Hash;
        cert.DistinguishedName = installed.DistinguishedName;

        bool replacingExisting = cert.IsRenewal && CheckCertificate(website);
        if (replacingExisting)
        {
            DeleteCertificate(GetCurrentSiteCertificate(website), website);
        }

        AddBinding(cert, website);
    }
    catch (Exception ex)
    {
        Log.WriteError("Error adding SSL certificate", ex);
        cert.Success = false;
    }

    return cert;
}
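/// <summary>
/// Creates a machine-context RSA key pair and a PKCS#10 request for an SSL server certificate,
/// storing the base64 request (with request header) in <c>cert.CSR</c>.
/// </summary>
/// <param name="cert">
/// Subject fields, key length and friendly name to use; receives the CSR. On failure the error
/// is logged and <c>cert.Success</c> is set to <c>false</c>.
/// </param>
public void GenerateCsr(SSLCertificate cert)
{
    // Create all the objects that will be required
    CX509CertificateRequestPkcs10 pkcs10 = new CX509CertificateRequestPkcs10Class();
    CX509PrivateKey privateKey = new CX509PrivateKeyClass();
    CCspInformation csp = new CCspInformationClass();
    CCspInformations csPs = new CCspInformationsClass();
    CX500DistinguishedName dn = new CX500DistinguishedNameClass();
    CX509Enrollment enroll = new CX509EnrollmentClass();
    CObjectIds objectIds = new CObjectIdsClass();
    CObjectId clientObjectId = new CObjectIdClass();
    CObjectId serverObjectId = new CObjectIdClass();
    CX509ExtensionKeyUsage extensionKeyUsage = new CX509ExtensionKeyUsageClass();
    CX509ExtensionEnhancedKeyUsage x509ExtensionEnhancedKeyUsage = new CX509ExtensionEnhancedKeyUsageClass();

    try
    {
        // Initialize the csp object using the desired Cryptographic Service Provider (CSP)
        // and hand it to the private key through a single-element CSP collection.
        csp.InitializeFromName("Microsoft RSA SChannel Cryptographic Provider");
        csPs.Add(csp);

        // Key length and key spec for the private key object
        privateKey.Length = cert.CSRLength;
        // NOTE(review): XCN_AT_SIGNATURE is requested although the key-usage extension below asks
        // for key encipherment; confirm whether XCN_AT_KEYEXCHANGE was intended for this CSP.
        privateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
        privateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
        // The key is marked exportable, including plaintext export.
        privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG
            | X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;
        privateKey.MachineContext = true;
        privateKey.CspInformations = csPs;

        // Create the actual key pair
        privateKey.Create();

        // Initialize the PKCS#10 request from the private key: machine context, no template name.
        pkcs10.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
        // NOTE(review): ToString() on the interop object does not export key material; confirm
        // what consumers of cert.PrivateKey expect before relying on this value.
        cert.PrivateKey = privateKey.ToString();

        // Key Usage extension
        extensionKeyUsage.InitializeEncode(
            CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE
            | CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE
            | CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE
            | CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE);
        pkcs10.X509Extensions.Add((CX509Extension)extensionKeyUsage);

        // Enhanced Key Usage extension: client authentication and server authentication
        clientObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2");
        objectIds.Add(clientObjectId);
        serverObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.1");
        objectIds.Add(serverObjectId);
        x509ExtensionEnhancedKeyUsage.InitializeEncode(objectIds);
        pkcs10.X509Extensions.Add((CX509Extension)x509ExtensionEnhancedKeyUsage);

        // Subject name: every value is double-quoted so that a comma, '=', '+' or quote inside a
        // caller-supplied field cannot terminate the RDN or smuggle in additional attributes.
        string subject = String.Format(
            @"CN={0}, O={1}, OU={2}, L={3}, S={4}, C={5}",
            QuoteRdnValue(cert.Hostname),
            QuoteRdnValue(cert.Organisation),
            QuoteRdnValue(cert.OrganisationUnit),
            QuoteRdnValue(cert.City),
            QuoteRdnValue(cert.State),
            QuoteRdnValue(cert.Country));
        dn.Encode(subject, X500NameFlags.XCN_CERT_NAME_STR_NONE);

        // Assign the subject name by using the Distinguished Name object initialized above
        pkcs10.Subject = dn;

        // Create the enrollment request and emit it with a PEM request header
        enroll.InitializeFromRequest(pkcs10);
        enroll.CertificateFriendlyName = cert.FriendlyName;
        cert.CSR = enroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64REQUESTHEADER);
    }
    catch (Exception ex)
    {
        Log.WriteError("Error creating CSR", ex);
        // Same failure signalling as InstallCertificate, so callers need only one check.
        cert.Success = false;
    }
}

/// <summary>
/// Wraps an X.500 attribute value in double quotes, doubling any embedded quote, so that
/// <c>CX500DistinguishedName.Encode</c> parses it as one literal value.
/// </summary>
/// <param name="value">The raw value; <c>null</c> is treated as empty.</param>
/// <returns>The quoted value.</returns>
private static string QuoteRdnValue(string value)
{
    return "\"" + (value ?? string.Empty).Replace("\"", "\"\"") + "\"";
}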
/// <summary>
/// Installs an issued certificate (base64 with PEM header) into the machine store, refreshes the
/// serial number, validity dates, hash and DN of <paramref name="cert"/> from the store, deletes
/// the site's current certificate on renewal, and adds the HTTPS binding.
/// </summary>
/// <param name="cert">
/// The certificate to install; updated in place. <c>Success</c> is set to <c>false</c> if any step fails.
/// </param>
/// <param name="website">The site that receives the binding.</param>
/// <returns>The same <paramref name="cert"/> instance.</returns>
public SSLCertificate InstallCertificate(SSLCertificate cert, WebSite website)
{
    CX509Enrollment response = new CX509EnrollmentClass();
    try
    {
        response.Initialize(X509CertificateEnrollmentContext.ContextMachine);
        // AllowUntrustedRoot: the response is installed even if its root is not trusted.
        response.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            cert.Certificate,
            EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
            null);

        // NOTE(review): Single() throws when more than one store certificate shares the friendly
        // name (e.g. the previous copy during a renewal) - confirm friendly names are unique here.
        SSLCertificate stored = GetServerCertificates()
            .Where(c => c.FriendlyName == cert.FriendlyName)
            .Single();

        cert.SerialNumber = stored.SerialNumber;
        cert.ValidFrom = stored.ValidFrom;
        cert.ExpiryDate = stored.ExpiryDate;
        cert.Hash = stored.Hash;
        cert.DistinguishedName = stored.DistinguishedName;

        if (cert.IsRenewal)
        {
            if (CheckCertificate(website))
            {
                DeleteCertificate(GetCurrentSiteCertificate(website), website);
            }
        }

        AddBinding(cert, website);
    }
    catch (Exception ex)
    {
        Log.WriteError("Error adding SSL certificate", ex);
        cert.Success = false;
    }

    return cert;
}