/// <summary>
/// Populates the mandatory (non-extension) fields of the certificate being built:
/// subject DN, issuer DN, validity window and serial number. As a side effect it
/// records the issuer's own issuer DN in <c>m_issuerIssuerAKI</c>, which the
/// AuthorityKeyIdentifier extension is presumably built from elsewhere.
/// </summary>
/// <param name="cg">The BouncyCastle certificate generator to populate.</param>
private void CreateMandatoryFields(X509V3CertificateGenerator cg)
{
    m_subjectDN = new CertificateFactoryX509Name(SubjectName.Name);

    // Reset both issuer-derived names before deciding which case applies.
    m_issuerDN = m_issuerIssuerAKI = null;

    if (IssuerCAKeyCert == null)
    {
        // Self-signed: the certificate is its own issuer, and the AKI issuer
        // name is therefore the subject as well.
        m_issuerDN = m_subjectDN;
        m_issuerIssuerAKI = m_subjectDN;
    }
    else
    {
        // CA-signed: the issuer DN is the CA's subject; the AKI carries the
        // DN of whoever issued the CA certificate (RFC 5280 authorityCertIssuer).
        m_issuerDN = new CertificateFactoryX509Name(IssuerCAKeyCert.Subject);
        m_issuerIssuerAKI = new CertificateFactoryX509Name(IssuerCAKeyCert.Issuer);
    }

    cg.SetIssuerDN(m_issuerDN);
    cg.SetSubjectDN(m_subjectDN);

    // Validity is always expressed in UTC, as the encoded Time values require.
    cg.SetNotBefore(NotBefore.ToUniversalTime());
    cg.SetNotAfter(NotAfter.ToUniversalTime());

    // The stored serial is reversed before being handed to BigInteger, which
    // expects big-endian magnitude bytes; m_serialNumber is therefore presumably
    // kept little-endian — confirm against the code that generates it.
    // Signum 1 guarantees a non-negative serial, as RFC 5280 requires.
    byte[] serialBigEndian = m_serialNumber.Reverse().ToArray();
    cg.SetSerialNumber(new BigInteger(1, serialBigEndian));
}
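/// <summary>
/// Creates an RSA certificate with a SHA-256 / PKCS#1 v1.5 signature. When the
/// <c>Authority</c> property is null the result is a self-signed CA certificate
/// (BasicConstraints CA=true); otherwise it is an end-entity certificate for
/// <paramref name="alternateName"/> signed by <c>Authority</c>, whose validity
/// window is copied verbatim from the signing certificate.
/// </summary>
/// <param name="subjectName">X.500 subject string (for example <c>CN=host</c>), handed to <see cref="CertificateRequest"/>.</param>
/// <param name="alternateName">
/// DNS name placed in the SubjectAlternativeName of a CA-signed certificate; in both
/// paths it is also stored as the certificate's friendly name.
/// </param>
/// <returns>
/// The new certificate, re-imported from an in-memory PFX so that it carries an
/// exportable private key. Note that <c>PersistKeySet</c> keeps that key in the
/// key container after the returned object is disposed; callers that do not
/// install the certificate into a store are responsible for cleaning it up.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="subjectName"/> is null, or <paramref name="alternateName"/> is null
/// while signing with <c>Authority</c>.
/// </exception>
public X509Certificate2 CreateCertificate(string subjectName, string alternateName)
{
    if (subjectName == null)
    {
        throw new ArgumentNullException(nameof(subjectName));
    }

    // Read the property once so the self-signed/CA-signed decision and the
    // certificate actually used for signing cannot diverge if Authority is
    // reassigned while this method runs.
    X509Certificate2 authority = Authority;

    // A CA-signed key gets a fresh, uniquely named CSP container. NOTE(review):
    // disposing the RSA object does not remove a named container, so each call
    // leaves one behind on Windows — confirm whether that is intended.
    using (var rsa = authority == null
        ? new RSACryptoServiceProvider(KeyLength)
        : new RSACryptoServiceProvider(KeyLength, new CspParameters(1, "Microsoft Base Cryptographic Provider v1.0", Guid.NewGuid().ToString())))
    {
        var certificateRequest = new CertificateRequest(subjectName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        if (authority == null)
        {
            // Self-signed root: CA=true, no path-length limit, marked critical.
            certificateRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            certificateRequest.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(certificateRequest.PublicKey, false));

            using (X509Certificate2 certificate = certificateRequest.CreateSelfSigned(NotBefore.ToUniversalTime(), NotAfter.ToUniversalTime()))
            {
                certificate.FriendlyName = alternateName;

                // Round-trip through an in-memory PFX (empty password is acceptable
                // here: the bytes never leave this method) to obtain a certificate
                // whose private key is exportable and persisted.
                return new X509Certificate2(
                    certificate.Export(X509ContentType.Pfx, string.Empty),
                    string.Empty,
                    X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
            }
        }

        if (alternateName == null)
        {
            throw new ArgumentNullException(nameof(alternateName));
        }

        var sanBuilder = new SubjectAlternativeNameBuilder();
        sanBuilder.AddDnsName(alternateName);
        certificateRequest.CertificateExtensions.Add(sanBuilder.Build());

        // End-entity: CA=false, non-critical BasicConstraints.
        certificateRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
        certificateRequest.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(certificateRequest.PublicKey, false));

        // The serial is a fresh GUID (16 bytes, interpreted as an unsigned big-endian
        // integer by Create). NOTE(review): Guid.NewGuid is not documented as a
        // cryptographic RNG; if serial unpredictability matters for this deployment,
        // RandomNumberGenerator-sourced bytes would be the safer choice.
        using (X509Certificate2 certificate = certificateRequest.Create(authority, authority.NotBefore, authority.NotAfter, Guid.NewGuid().ToByteArray()))
        using (X509Certificate2 certificateWithPrivateKey = certificate.CopyWithPrivateKey(rsa))
        {
            certificateWithPrivateKey.FriendlyName = alternateName;

            return new X509Certificate2(
                certificateWithPrivateKey.Export(X509ContentType.Pfx, string.Empty),
                string.Empty,
                X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
        }
    }
}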
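/// <summary>
/// Creates an RSA certificate with a SHA-256 / PKCS#1 v1.5 signature. With a null
/// <paramref name="authority"/> the result is a self-signed CA certificate whose
/// key is stored in the machine key set; otherwise it is a TLS-server end-entity
/// certificate (KeyUsage + EKU id-kp-serverAuth, both critical) for
/// <paramref name="alternateName"/>, signed by <paramref name="authority"/> and
/// valid for exactly the authority's own validity window.
/// </summary>
/// <param name="subjectName">X.500 subject string (for example <c>CN=host</c>), handed to <see cref="CertificateRequest"/>.</param>
/// <param name="alternateName">DNS name placed in the SubjectAlternativeName; ignored on the self-signed path.</param>
/// <param name="authority">Signing certificate, which must carry its private key, or null to create a self-signed CA.</param>
/// <returns>
/// The new certificate, re-imported from an in-memory PFX with an exportable private
/// key. <c>PersistKeySet</c> keeps that key in the key container after the returned
/// object is disposed; the self-signed path additionally uses <c>MachineKeySet</c>,
/// which presumably is meant to share the CA key machine-wide — confirm, since it
/// needs write access to the machine store and differs from the leaf path.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="subjectName"/> is null, or <paramref name="alternateName"/> is null
/// while signing with <paramref name="authority"/>.
/// </exception>
/// <exception cref="ArgumentException">
/// Thrown by <see cref="CertificateRequest.Create(X509Certificate2, DateTimeOffset, DateTimeOffset, byte[])"/>
/// when <paramref name="authority"/> has no private key.
/// </exception>
public X509Certificate2 CreateCertificate(string subjectName, string alternateName, X509Certificate2 authority)
{
    if (subjectName == null)
    {
        throw new ArgumentNullException(nameof(subjectName));
    }

    // Dispose the RSA handle once the PFX has been exported; the returned
    // certificate is rebuilt from the PFX bytes and does not depend on it.
    // (The original let the RSA object and the intermediate certificates leak.)
    // NOTE(review): disposing does not remove the named CSP container created
    // on the CA-signed path, so each call leaves one behind on Windows.
    using (var rsa = authority == null
        ? new RSACryptoServiceProvider(KeyLength)
        : new RSACryptoServiceProvider(KeyLength, new CspParameters(1, "Microsoft Base Cryptographic Provider v1.0", Guid.NewGuid().ToString())))
    {
        if (authority == null)
        {
            // Self-signed root: CA=true, no path-length limit, marked critical.
            var authorityRequest = new CertificateRequest(subjectName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            authorityRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            authorityRequest.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(authorityRequest.PublicKey, false));

            using (X509Certificate2 selfSigned = authorityRequest.CreateSelfSigned(NotBefore.ToUniversalTime(), NotAfter.ToUniversalTime()))
            {
                // Empty PFX password is acceptable: the bytes never leave this method.
                return new X509Certificate2(
                    selfSigned.Export(X509ContentType.Pfx, string.Empty),
                    string.Empty,
                    X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
            }
        }

        if (alternateName == null)
        {
            throw new ArgumentNullException(nameof(alternateName));
        }

        var sanBuilder = new SubjectAlternativeNameBuilder();
        sanBuilder.AddDnsName(alternateName);

        var certificateRequest = new CertificateRequest(subjectName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        certificateRequest.CertificateExtensions.Add(sanBuilder.Build());

        // End-entity: CA=false, non-critical BasicConstraints.
        certificateRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));

        // Critical KeyUsage; DataEncipherment is unusual for a TLS key but kept as-is.
        certificateRequest.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature
            | X509KeyUsageFlags.NonRepudiation
            | X509KeyUsageFlags.DataEncipherment
            | X509KeyUsageFlags.KeyEncipherment,
            true));

        // Critical EKU restricted to id-kp-serverAuth (1.3.6.1.5.5.7.3.1).
        certificateRequest.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, true));
        certificateRequest.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(certificateRequest.PublicKey, false));

        // Serial is a fresh GUID, read by Create as an unsigned big-endian integer.
        // NOTE(review): Guid.NewGuid is not documented as a cryptographic RNG; use
        // RandomNumberGenerator bytes if serial unpredictability matters here.
        using (X509Certificate2 certificate = certificateRequest.Create(
            authority,
            authority.NotBefore.ToUniversalTime(),
            authority.NotAfter.ToUniversalTime(),
            Guid.NewGuid().ToByteArray()))
        using (X509Certificate2 certificateWithPrivateKey = certificate.CopyWithPrivateKey(rsa))
        {
            return new X509Certificate2(
                certificateWithPrivateKey.Export(X509ContentType.Pfx, string.Empty),
                string.Empty,
                X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
        }
    }
}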