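/// <summary>
/// Generates a certificate for pull replication and writes it to the response
/// as a JSON object with <c>PublicKey</c>, <c>Certificate</c> and <c>Thumbprint</c> properties.
/// </summary>
/// <remarks>
/// Reads the optional <c>validYears</c> query-string value. When it is absent or 0 the
/// certificate expires three months from now; otherwise it expires that many years from now.
/// </remarks>
/// <returns>A completed task; the response body has been written synchronously.</returns>
/// <exception cref="BadRequestException">
/// The server has no certificate configured, or <c>validYears</c> is negative or too large
/// to be represented as an expiration date.
/// </exception>
public Task GeneratePullReplicationCertificate()
{
    // The response below carries private key material, so refuse to serve it
    // from a server that is not running with a certificate.
    if (ServerStore.Server.Certificate?.Certificate == null)
    {
        throw new BadRequestException("This endpoint requires secured server.");
    }

    ServerStore.LicenseManager.AssertCanAddPullReplicationAsHub();

    var validYears = GetIntValueQueryString("validYears", required: false) ?? 0;

    // validYears is caller-supplied. A negative value would yield an already-expired
    // certificate, and a very large one makes DateTime.AddYears throw
    // ArgumentOutOfRangeException, so reject both with an explicit client error.
    // NOTE(review): this bound only keeps the date representable; a deployment may
    // want a much tighter maximum lifetime - confirm the intended policy.
    var now = DateTime.UtcNow;
    var maxValidYears = DateTime.MaxValue.Year - now.Year;
    if (validYears < 0 || validYears > maxValidYears)
    {
        throw new BadRequestException($"The 'validYears' value must be between 0 and {maxValidYears}.");
    }

    // 0 yr. will set the expiration to 3 months
    var notAfter = validYears == 0
        ? now.AddMonths(3)
        : now.AddYears(validYears);

    var log = new StringBuilder();
    var commonNameValue = "PullReplicationAutogeneratedCertificate";

    // Create a throw-away CA, then issue the actual certificate under that CA's subject name.
    CertificateUtils.CreateCertificateAuthorityCertificate(commonNameValue + " CA", out var ca, out var caSubjectName, log);
    CertificateUtils.CreateSelfSignedCertificateBasedOnPrivateKey(commonNameValue, caSubjectName, ca, false, false, notAfter, out var certBytes, log: log);

    // Dispose the certificate once the response is written so the imported key handle
    // is released deterministically instead of waiting for finalization.
    using (var certificateWithPrivateKey = new X509Certificate2(certBytes, (string)null, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable))
    {
        // NOTE(review): Verify() returns a bool that is discarded here, so a failed
        // chain validation does not stop the request - confirm whether this call is
        // meant as a sanity check only.
        certificateWithPrivateKey.Verify();

        var keyPairInfo = new PullReplicationCertificate
        {
            PublicKey = Convert.ToBase64String(certificateWithPrivateKey.Export(X509ContentType.Cert)),
            Thumbprint = certificateWithPrivateKey.Thumbprint,
            // The PFX is exported without a password, so this value is the certificate
            // together with its private key in unprotected form. It must be treated as
            // a secret by whoever receives and stores the response.
            Certificate = Convert.ToBase64String(certificateWithPrivateKey.Export(X509ContentType.Pfx))
        };

        using (ContextPool.AllocateOperationContext(out DocumentsOperationContext context))
        using (var writer = new BlittableJsonTextWriter(context, ResponseBodyStream()))
        {
            writer.WriteStartObject();

            writer.WritePropertyName(nameof(keyPairInfo.PublicKey));
            writer.WriteString(keyPairInfo.PublicKey);
            writer.WriteComma();

            writer.WritePropertyName(nameof(keyPairInfo.Certificate));
            writer.WriteString(keyPairInfo.Certificate);
            writer.WriteComma();

            writer.WritePropertyName(nameof(keyPairInfo.Thumbprint));
            writer.WriteString(keyPairInfo.Thumbprint);

            writer.WriteEndObject();
        }
    }

    return Task.CompletedTask;
}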