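/// <summary>
/// Create a Self signed certificate with all options which can also be used as a root certificate
/// </summary>
/// <param name="distinguishedName">Distinguished Name used for the subject and the issuer properties</param>
/// <param name="basicConstraints">Basic Constraints options, forwarded unchanged to <c>SelfSignedConfiguration</c></param>
/// <param name="validityPeriod">Valid from, Valid to certificate properties</param>
/// <param name="subjectAlternativeName">SAN but only DnsNames can be added as a list + Email property</param>
/// <param name="enhancedKeyUsages">Defines how the certificate key can be used.
/// new Oid("1.3.6.1.5.5.7.3.1") // TLS Server auth
/// new Oid("1.3.6.1.5.5.7.3.2") // TLS Client auth
/// new Oid("1.3.6.1.5.5.7.3.3") // Code signing
/// new Oid("1.3.6.1.5.5.7.3.4") // Email
/// new Oid("1.3.6.1.5.5.7.3.8") // Timestamping
/// </param>
/// <param name="x509KeyUsageFlags">Defines how the certificate key can be used.
/// None No key usage parameters.
/// EncipherOnly The key can be used for encryption only.
/// CrlSign The key can be used to sign a certificate revocation list (CRL).
/// KeyCertSign The key can be used to sign certificates.
/// KeyAgreement The key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm.
/// DataEncipherment The key can be used for data encryption.
/// KeyEncipherment The key can be used for key encryption.
/// NonRepudiation The key can be used for authentication.
/// DecipherOnly The key can be used for decryption only.
/// </param>
/// <param name="eCDsaConfiguration">Key size applied to the generated ECDsa key and the hash algorithm used to sign the request</param>
/// <returns>Self signed certificate</returns>
/// <exception cref="ArgumentNullException"><paramref name="eCDsaConfiguration"/> is null</exception>
public X509Certificate2 NewECDsaSelfSignedCertificate(
    DistinguishedName distinguishedName,
    BasicConstraints basicConstraints,
    ValidityPeriod validityPeriod,
    SubjectAlternativeName subjectAlternativeName,
    OidCollection enhancedKeyUsages,
    X509KeyUsageFlags x509KeyUsageFlags,
    ECDsaConfiguration eCDsaConfiguration)
{
    // Fail with a clear argument error instead of a NullReferenceException on the KeySize read below.
    if (eCDsaConfiguration is null)
    {
        throw new ArgumentNullException(nameof(eCDsaConfiguration));
    }

    // Parameterless Create() never returns null; the name-based overload can, and is
    // obsolete (SYSLIB0045) on current .NET. The key is disposed once the self-signed
    // certificate (which carries its own copy of the private key) has been built.
    using var ecdsa = ECDsa.Create();
    ecdsa.KeySize = eCDsaConfiguration.KeySize;

    var request = new CertificateRequest(
        _certificateUtility.CreateIssuerOrSubject(distinguishedName),
        ecdsa,
        eCDsaConfiguration.HashAlgorithmName);

    X509Certificate2 generatedCertificate = SelfSignedConfiguration(
        basicConstraints,
        validityPeriod,
        subjectAlternativeName,
        enhancedKeyUsages,
        x509KeyUsageFlags,
        request);

    return generatedCertificate;
}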
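/// <summary>
/// Create an ECDsa certificate signed by <paramref name="signingCertificate"/> (an intermediate or leaf in a chain)
/// </summary>
/// <param name="distinguishedName">Distinguished Name used for the subject property</param>
/// <param name="basicConstraints">Basic Constraints options, forwarded unchanged to <c>ChainedConfiguration</c></param>
/// <param name="validityPeriod">Valid from, Valid to certificate properties</param>
/// <param name="subjectAlternativeName">SAN but only DnsNames can be added as a list + Email property</param>
/// <param name="signingCertificate">Issuer certificate; must carry its private key so the request can be signed</param>
/// <param name="enhancedKeyUsages">Extended key usage OIDs, see <c>NewECDsaSelfSignedCertificate</c> for common values</param>
/// <param name="x509KeyUsageFlags">Key usage flags, see <c>NewECDsaSelfSignedCertificate</c> for the meaning of each flag</param>
/// <param name="eCDsaConfiguration">Key size applied to the generated ECDsa key and the hash algorithm used to sign the request</param>
/// <returns>The signed certificate together with its private key</returns>
/// <exception cref="ArgumentNullException"><paramref name="signingCertificate"/> or <paramref name="eCDsaConfiguration"/> is null</exception>
/// <exception cref="ArgumentException"><paramref name="signingCertificate"/> has no private key</exception>
public X509Certificate2 NewECDsaChainedCertificate(
    DistinguishedName distinguishedName,
    BasicConstraints basicConstraints,
    ValidityPeriod validityPeriod,
    SubjectAlternativeName subjectAlternativeName,
    X509Certificate2 signingCertificate,
    OidCollection enhancedKeyUsages,
    X509KeyUsageFlags x509KeyUsageFlags,
    ECDsaConfiguration eCDsaConfiguration)
{
    if (signingCertificate is null)
    {
        throw new ArgumentNullException(nameof(signingCertificate));
    }

    // ArgumentException (a subclass of Exception, so existing catch blocks still match)
    // names the offending parameter instead of a bare Exception.
    if (!signingCertificate.HasPrivateKey)
    {
        throw new ArgumentException("Signing cert must have private key", nameof(signingCertificate));
    }

    if (eCDsaConfiguration is null)
    {
        throw new ArgumentNullException(nameof(eCDsaConfiguration));
    }

    // Parameterless Create() never returns null; the name-based overload can, and is
    // obsolete (SYSLIB0045) on current .NET.
    using var ecdsa = ECDsa.Create();
    ecdsa.KeySize = eCDsaConfiguration.KeySize;

    var request = new CertificateRequest(
        _certificateUtility.CreateIssuerOrSubject(distinguishedName),
        ecdsa,
        eCDsaConfiguration.HashAlgorithmName);

    // ChainedConfiguration yields a certificate without the private key; CopyWithPrivateKey
    // returns a new, independent instance, so the public-only one is disposed here rather than leaked.
    using X509Certificate2 cert = ChainedConfiguration(
        basicConstraints,
        validityPeriod,
        subjectAlternativeName,
        signingCertificate,
        enhancedKeyUsages,
        x509KeyUsageFlags,
        request);

    return cert.CopyWithPrivateKey(ecdsa);
}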