private X509Certificate2 CreateRootCASelfSignedCertWithKey()
{
X509Certificate2 rootCACertWithKey = null;
// Well kwnon CA cert. It belongs to the CA API, it should just sign the very first intermediate cert
using (AsymmetricAlgorithm rootKeyCAPrivKey = RSA.Create(3072))
{
// Create CSR
CertificateRequest rootKeyCARequest = X509CertificateOperations
.CreateChainRequest(
this.RootCADistinguishedName,
rootKeyCAPrivKey,
HashAlgorithmName.SHA512,
true, null);
rootCACertWithKey = rootKeyCARequest
.CreateX509SelfSignedCert(
10000);
}
return(rootCACertWithKey);
}