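/// <summary>
/// Generate a self-signed CA certificate.
/// </summary>
/// <param name="subject">The X500 subject string</param>
/// <param name="rsaKeySize">The size of the RSA key to generate</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns>An X509Certificate2 object containing the full certificate</returns>
/// <remarks>
/// The Basic Constraints extension (CA = true, no path length limit) is marked critical,
/// which RFC 5280 section 4.2.1.9 requires for CA certificates; the original emitted it
/// non-critical. The validity period starts one year in the past and ends ten years after
/// that start (presumably to tolerate clock skew on hosts that trust this CA).
/// </remarks>
public static X509Certificate2 GenerateCACert(string subject, int rsaKeySize, CertificateHashAlgorithm hashAlgorithm)
{
    // notBefore is backdated by a year; notAfter is ten years after that point (i.e. nine years from now).
    DateTime notBefore = DateTime.Now.AddYears(-1);
    DateTime notAfter = notBefore.AddYears(10);

    X509ExtensionCollection exts = new X509ExtensionCollection();
    // certificateAuthority: true, hasPathLengthConstraint: false, pathLengthConstraint: 0 (ignored), critical: true.
    // Marking the extension critical is what RFC 5280 mandates for CA certificates.
    exts.Add(new X509BasicConstraintsExtension(true, false, 0, true));

    // A null issuer makes CreateCert self-sign; a null serial makes it generate a fresh one.
    return CertificateBuilder.CreateCert(null, new X500DistinguishedName(subject), null,
        rsaKeySize, hashAlgorithm, notBefore, notAfter, exts);
}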
/// <summary>
/// Take an existing certificate, clone its details and re-sign it with a new root CA.
/// </summary>
/// <param name="toClone">The certificate to clone</param>
/// <param name="rootCert">The root CA certificate to sign with</param>
/// <param name="newSerial">True to generate a new serial for this certificate, false to keep the original's</param>
/// <param name="rsaKeySize">The size of the RSA key to generate</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns>The cloned certificate, signed by <paramref name="rootCert"/></returns>
/// <remarks>
/// Subject name, validity period and extensions are copied from <paramref name="toClone"/>,
/// except the CRL Distribution Points and Authority Information Access extensions, which
/// reference the original issuer's infrastructure and tend to break SSL negotiation.
/// NOTE(review): an Authority Key Identifier extension on the source certificate is copied
/// verbatim here and would still name the original issuer's key unless CreateCert replaces
/// it — confirm against CertificateBuilder.
/// </remarks>
public static X509Certificate2 CloneAndSignCertificate(X509Certificate toClone, X509Certificate2 rootCert, bool newSerial, int rsaKeySize, CertificateHashAlgorithm hashAlgorithm)
{
    // Round-trip through DER so we have an X509Certificate2 view (extensions, subject name, dates)
    // whatever concrete type the caller handed us.
    X509Certificate2 source = new X509Certificate2(toClone.Export(X509ContentType.Cert));

    X509ExtensionCollection kept = new X509ExtensionCollection();
    foreach (X509Extension ext in source.Extensions)
    {
        string oid = ext.Oid.Value;
        if (oid == szOID_CRL_DISTRIBUTION || oid == szOID_AUTHORITY_INFO)
        {
            // CRL distribution points and AIA point at the original CA; dropping them avoids
            // clients chasing URLs that will not match the new issuer.
            continue;
        }

        kept.Add(ext);
    }

    // Passing a null serial tells CreateCert to generate a fresh one.
    byte[] serial = newSerial ? null : source.GetSerialNumber();

    return CertificateBuilder.CreateCert(rootCert, source.SubjectName, serial,
        rsaKeySize, hashAlgorithm, source.NotBefore, source.NotAfter, kept);
}
/// <summary>
/// Generate a self-signed certificate, including a private key.
/// </summary>
/// <param name="subject">The X500 subject string</param>
/// <param name="rsaKeySize">Specify the RSA key size in bits</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns>An X509Certificate2 object containing the full certificate</returns>
/// <remarks>
/// The certificate is valid from the current local time for ten years and carries no
/// extensions at all, so it has no Basic Constraints and is not a CA certificate; use
/// GenerateCACert when a signing certificate is needed.
/// </remarks>
public static X509Certificate2 GenerateSelfSignedCert(string subject, int rsaKeySize, CertificateHashAlgorithm hashAlgorithm)
{
    var notBefore = DateTime.Now;
    var notAfter = notBefore.AddYears(10);
    var subjectName = new X500DistinguishedName(subject);

    // Null issuer: self-sign. Null serial: let CreateCert generate one. Null extensions: none.
    return CertificateBuilder.CreateCert(null, subjectName, null,
        rsaKeySize, hashAlgorithm, notBefore, notAfter, null);
}
/// <summary>
/// Create a new certificate. This is a thin wrapper that forwards every argument unchanged
/// to <c>CertificateBuilder.CreateCert</c>.
/// </summary>
/// <param name="issuer">Issuer certificate, if null then self-sign</param>
/// <param name="subjectName">Subject name</param>
/// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param>
/// <param name="keySize">Size of RSA key</param>
/// <param name="hashAlgorithm">The hash algorithm for the certificate</param>
/// <param name="notBefore">Start date of certificate</param>
/// <param name="notAfter">End date of certificate</param>
/// <param name="extensions">Collection of extensions, if null then no extensions</param>
/// <returns>The created X509 certificate</returns>
public static X509Certificate2 CreateCert(X509Certificate2 issuer, X500DistinguishedName subjectName, byte[] serialNumber, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore, DateTime notAfter, X509ExtensionCollection extensions)
{
    // No validation or transformation here; CertificateBuilder owns the actual construction.
    X509Certificate2 created = CertificateBuilder.CreateCert(
        issuer,
        subjectName,
        serialNumber,
        keySize,
        hashAlgorithm,
        notBefore,
        notAfter,
        extensions);

    return created;
}