public FileContentResult get_ssl_certificate(DistinguishedName dName)
{
var rootCA = CertUtil.getInstance().getRootCA();
var rsa = RSA.Create();
var request = new CertificateRequest(dName.getX509DistinguishedName(), rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
var subjectANB = new SubjectAlternativeNameBuilder();
subjectANB.AddDnsName(dName.DNS);
subjectANB.AddEmailAddress(dName.E);
request.CertificateExtensions.Add(subjectANB.Build());
request.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
request.CertificateExtensions.Add(new X509KeyUsageExtension(
X509KeyUsageFlags.DigitalSignature |
X509KeyUsageFlags.KeyCertSign |
X509KeyUsageFlags.KeyEncipherment |
X509KeyUsageFlags.DataEncipherment |
X509KeyUsageFlags.NonRepudiation, false)
);
// set the AuthorityKeyIdentifier. There is no built-in
// support, so it needs to be copied from the Subject Key
// Identifier of the signing certificate and massaged slightly.
// AuthorityKeyIdentifier is "KeyID="
var issuerSubjectKey = rootCA.Extensions["Subject Key Identifier"].RawData;
var segment = new byte[issuerSubjectKey.Length - 2];
Buffer.BlockCopy(issuerSubjectKey, 2, segment, 0, issuerSubjectKey.Length - 2);
var authorityKeyIdentifer = new byte[segment.Length + 4];
// these bytes define the "KeyID" part of the AuthorityKeyIdentifer
var KeyID = new byte[] { 0x30, 0x16, 0x80, 0x14 };
KeyID.CopyTo(authorityKeyIdentifer, 0);
segment.CopyTo(authorityKeyIdentifer, 4);
request.CertificateExtensions.Add(new X509Extension("2.5.29.35", authorityKeyIdentifer, false));
request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
new OidCollection {
new Oid("1.3.6.1.5.5.7.3.8"), // Timestamping
new Oid("1.3.6.1.5.5.7.3.2"), // TLS Client auth
new Oid("1.3.6.1.5.5.7.3.1") // TLS Server auth
}, false)
);
request.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(request.PublicKey, false));
// Add Time and Key
X509Certificate2 sslCert = request.Create(rootCA, DateTimeOffset.Now, DateTimeOffset.Now.AddYears(1), BitConverter.GetBytes(DateTimeOffset.Now.Ticks));
sslCert = sslCert.CopyWithPrivateKey(rsa);
// Create PFX (PKCS #12) with private key
byte[] p12Cert = sslCert.Export(X509ContentType.Pkcs12, "password");
// Create Base 64 encoded CER (public key only)
string cerCert = "-----BEGIN CERTIFICATE-----\r\n" + Convert.ToBase64String(sslCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks) + "\r\n-----END CERTIFICATE-----";
byte[] pfxCert = sslCert.Export(X509ContentType.Pfx, "password");
String CertID = DateTimeOffset.Now.Ticks.ToString();
// Write to disk
System.IO.File.WriteAllBytes(AppContext.BaseDirectory + "/" + CertID + ".p12", p12Cert);
System.IO.File.WriteAllText(AppContext.BaseDirectory + "/" + CertID + ".cer", cerCert);
System.IO.File.WriteAllBytes(AppContext.BaseDirectory + "/" + CertID + ".pfx", pfxCert);
FileContentResult fcResult = File(p12Cert, "application/octet-stream", CertID + ".p12");
//FileContentResult fcResult = File(System.Text.Encoding.ASCII.GetBytes(cerCert), "application/octet-stream", "176743490865.cer");
return(fcResult);
}
