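/// <summary>
/// Create a self-signed certificate request: the subject and the issuer are the same
/// distinguished name, and the request is signed with a freshly generated private key
/// stored in the machine key container.
/// </summary>
/// <param name="subjectName">The subject name of the certificate. A bare name (no "=") is
/// treated as a common name and prefixed with "CN=".</param>
/// <param name="keyLength">Size of the key in bits.</param>
/// <param name="durationYears">Duration of the certificate, specified in years, counted from
/// the moment the request is created.</param>
/// <param name="oids">Collection of OIDs identifying certificate usage; they are encoded as
/// enhanced key usages.</param>
/// <returns>The encoded certificate request.</returns>
/// <exception cref="ArgumentNullException"><paramref name="subjectName"/> or
/// <paramref name="oids"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="keyLength"/> or
/// <paramref name="durationYears"/> is less than 1.</exception>
public static CX509CertificateRequestCertificate CreateCertificateSigningRequest(string subjectName, int keyLength, int durationYears, List<string> oids)
{
    if (subjectName == null)
    {
        throw new ArgumentNullException("subjectName");
    }
    if (oids == null)
    {
        throw new ArgumentNullException("oids");
    }
    if (keyLength < 1)
    {
        throw new ArgumentOutOfRangeException("keyLength", keyLength, "Key length must be at least 1 bit.");
    }
    if (durationYears < 1)
    {
        // A duration below one year would make NotAfter precede or equal NotBefore.
        throw new ArgumentOutOfRangeException("durationYears", durationYears, "Duration must be at least 1 year.");
    }

    // Prepend the subject name with CN= if it doesn't begin with CN=, E=, etc..
    // The char overload of IndexOf is an ordinal search; the string overload is culture-sensitive.
    if (subjectName.IndexOf('=') < 0)
    {
        subjectName = "CN=" + subjectName;
    }

    // Generate a distinguished name.
    CX500DistinguishedName distinguishedName = new CX500DistinguishedName();
    distinguishedName.Encode(subjectName, X500NameFlags.XCN_CERT_NAME_STR_NONE);

    // Generate a private key in the machine context.
    CX509PrivateKey privateKey = new CX509PrivateKey();
    // NOTE(review): the key is created with plaintext export allowed. Any process that can
    // read the machine key container can export the raw key material; keep this only if
    // callers genuinely need to export the key (e.g. to a PFX), otherwise prefer a
    // non-exportable policy.
    privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG;
    privateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
    privateKey.Length = keyLength;
    privateKey.MachineContext = true;
    privateKey.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
    privateKey.Create();

    // Use the SHA-512 hashing algorithm for the request signature.
    CObjectId hashAlgorithm = new CObjectId();
    hashAlgorithm.InitializeFromAlgorithmName(ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID, ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY, AlgorithmFlags.AlgorithmFlagsNone, "SHA512");

    // Load the OIDs passed in and specify enhanced key usages.
    CObjectIds oidCollection = new CObjectIds();
    foreach (string oidID in oids)
    {
        CObjectId oid = new CObjectId();
        oid.InitializeFromValue(oidID);
        oidCollection.Add(oid);
    }

    // Key usage: digital signature and key encipherment.
    CX509ExtensionKeyUsage keyUsage = new CX509ExtensionKeyUsage();
    keyUsage.InitializeEncode(CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE | CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE);

    CX509ExtensionEnhancedKeyUsage enhancedKeyUsages = new CX509ExtensionEnhancedKeyUsage();
    enhancedKeyUsages.InitializeEncode(oidCollection);

    // Use the subject's value as an RFC 822 (e-mail) subject alternative name.
    // This takes everything after the first '=', so a multi-RDN subject such as
    // "CN=a, O=b" would yield "a, O=b" — presumably callers pass a single RDN; verify.
    string sanSubjectName = subjectName.Substring(subjectName.IndexOf('=') + 1);
    CAlternativeName sanAlternateName = new CAlternativeName();
    sanAlternateName.InitializeFromString(AlternativeNameType.XCN_CERT_ALT_NAME_RFC822_NAME, sanSubjectName);
    CAlternativeNames sanAlternativeNames = new CAlternativeNames();
    sanAlternativeNames.Add(sanAlternateName);
    CX509ExtensionAlternativeNames alternativeNamesExtension = new CX509ExtensionAlternativeNames();
    alternativeNamesExtension.InitializeEncode(sanAlternativeNames);

    // Advertise the S/MIME capabilities available on this machine.
    CX509ExtensionSmimeCapabilities smimeCapabilities = new CX509ExtensionSmimeCapabilities();
    smimeCapabilities.SmimeCapabilities.AddAvailableSmimeCapabilities(false);

    // Create the self-signing request.
    CX509CertificateRequestCertificate cert = new CX509CertificateRequestCertificate();
    cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
    cert.Subject = distinguishedName;
    cert.Issuer = distinguishedName;

    // Capture one timestamp so NotBefore and NotAfter derive from the same instant, and
    // honor durationYears (the validity period used to be hard-coded to one year).
    DateTime notBefore = DateTime.Now;
    cert.NotBefore = notBefore;
    cert.NotAfter = notBefore.AddYears(durationYears);

    cert.X509Extensions.Add((CX509Extension)keyUsage);
    cert.X509Extensions.Add((CX509Extension)enhancedKeyUsages);
    cert.X509Extensions.Add((CX509Extension)alternativeNamesExtension);
    cert.X509Extensions.Add((CX509Extension)smimeCapabilities);
    cert.HashAlgorithm = hashAlgorithm;
    cert.Encode();
    return cert;
}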
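/// <summary>
/// Create a self-signed certificate request: the subject and the issuer are the same
/// distinguished name, and the request is signed with a freshly generated private key
/// stored in the machine key container.
/// </summary>
/// <param name="subjectName">The subject name of the certificate. A bare name (no "=") is
/// treated as a common name and prefixed with "CN=".</param>
/// <param name="keyLength">Size of the key in bits.</param>
/// <param name="durationYears">Duration of the certificate, specified in years, counted from
/// the moment the request is created.</param>
/// <param name="oids">Collection of OIDs identifying certificate usage; they are encoded as
/// enhanced key usages.</param>
/// <returns>The encoded certificate request.</returns>
/// <exception cref="ArgumentNullException"><paramref name="subjectName"/> or
/// <paramref name="oids"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="keyLength"/> or
/// <paramref name="durationYears"/> is less than 1.</exception>
public static CX509CertificateRequestCertificate CreateCertificateSigningRequest(string subjectName, int keyLength, int durationYears, List<string> oids)
{
    if (subjectName == null)
    {
        throw new ArgumentNullException("subjectName");
    }
    if (oids == null)
    {
        throw new ArgumentNullException("oids");
    }
    if (keyLength < 1)
    {
        throw new ArgumentOutOfRangeException("keyLength", keyLength, "Key length must be at least 1 bit.");
    }
    if (durationYears < 1)
    {
        // A duration below one year would make NotAfter precede or equal NotBefore.
        throw new ArgumentOutOfRangeException("durationYears", durationYears, "Duration must be at least 1 year.");
    }

    // Prepend the subject name with CN= if it doesn't begin with CN=, E=, etc..
    // The char overload of IndexOf is an ordinal search; the string overload is culture-sensitive.
    if (subjectName.IndexOf('=') < 0)
    {
        subjectName = "CN=" + subjectName;
    }

    // Generate a distinguished name.
    CX500DistinguishedName distinguishedName = new CX500DistinguishedName();
    distinguishedName.Encode(subjectName, X500NameFlags.XCN_CERT_NAME_STR_NONE);

    // Generate a private key in the machine context.
    CX509PrivateKey privateKey = new CX509PrivateKey();
    // NOTE(review): the key is created with plaintext export allowed. Any process that can
    // read the machine key container can export the raw key material; keep this only if
    // callers genuinely need to export the key (e.g. to a PFX), otherwise prefer a
    // non-exportable policy.
    privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG;
    privateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
    privateKey.Length = keyLength;
    privateKey.MachineContext = true;
    privateKey.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
    privateKey.Create();

    // Use the SHA-512 hashing algorithm for the request signature.
    CObjectId hashAlgorithm = new CObjectId();
    hashAlgorithm.InitializeFromAlgorithmName(ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID, ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY, AlgorithmFlags.AlgorithmFlagsNone, "SHA512");

    // Load the OIDs passed in and specify enhanced key usages.
    CObjectIds oidCollection = new CObjectIds();
    foreach (string oidID in oids)
    {
        CObjectId oid = new CObjectId();
        oid.InitializeFromValue(oidID);
        oidCollection.Add(oid);
    }

    // Key usage: digital signature and key encipherment.
    CX509ExtensionKeyUsage keyUsage = new CX509ExtensionKeyUsage();
    keyUsage.InitializeEncode(CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE | CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE);

    CX509ExtensionEnhancedKeyUsage enhancedKeyUsages = new CX509ExtensionEnhancedKeyUsage();
    enhancedKeyUsages.InitializeEncode(oidCollection);

    // Use the subject's value as an RFC 822 (e-mail) subject alternative name.
    // This takes everything after the first '=', so a multi-RDN subject such as
    // "CN=a, O=b" would yield "a, O=b" — presumably callers pass a single RDN; verify.
    string sanSubjectName = subjectName.Substring(subjectName.IndexOf('=') + 1);
    CAlternativeName sanAlternateName = new CAlternativeName();
    sanAlternateName.InitializeFromString(AlternativeNameType.XCN_CERT_ALT_NAME_RFC822_NAME, sanSubjectName);
    CAlternativeNames sanAlternativeNames = new CAlternativeNames();
    sanAlternativeNames.Add(sanAlternateName);
    CX509ExtensionAlternativeNames alternativeNamesExtension = new CX509ExtensionAlternativeNames();
    alternativeNamesExtension.InitializeEncode(sanAlternativeNames);

    // Advertise the S/MIME capabilities available on this machine.
    CX509ExtensionSmimeCapabilities smimeCapabilities = new CX509ExtensionSmimeCapabilities();
    smimeCapabilities.SmimeCapabilities.AddAvailableSmimeCapabilities(false);

    // Create the self-signing request.
    CX509CertificateRequestCertificate cert = new CX509CertificateRequestCertificate();
    cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
    cert.Subject = distinguishedName;
    cert.Issuer = distinguishedName;

    // Capture one timestamp so NotBefore and NotAfter derive from the same instant, and
    // honor durationYears (the validity period used to be hard-coded to one year).
    DateTime notBefore = DateTime.Now;
    cert.NotBefore = notBefore;
    cert.NotAfter = notBefore.AddYears(durationYears);

    cert.X509Extensions.Add((CX509Extension)keyUsage);
    cert.X509Extensions.Add((CX509Extension)enhancedKeyUsages);
    cert.X509Extensions.Add((CX509Extension)alternativeNamesExtension);
    cert.X509Extensions.Add((CX509Extension)smimeCapabilities);
    cert.HashAlgorithm = hashAlgorithm;
    cert.Encode();
    return cert;
}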