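static void Main()
{
    // Build a PKCS#10 certificate request for a freshly generated RSA key held by a
    // legacy CSP and print the request base64-encoded on the console.
    // Sample code: the container name and the subject name are placeholders.
    CX509CertificateRequestPkcs10 request = new CX509CertificateRequestPkcs10Class();
    CX509PrivateKey privateKey = new CX509PrivateKeyClass();
    CCspInformation csp = new CCspInformationClass();
    CCspInformations cspCollection = new CCspInformationsClass();
    CX500DistinguishedName subject = new CX500DistinguishedNameClass();

    // Select the Cryptographic Service Provider that generates and holds the key,
    // and hand it to the private-key object as a one-element collection.
    csp.InitializeFromName("Microsoft Enhanced Cryptographic Provider v1.0");
    cspCollection.Add(csp);

    privateKey.ContainerName = "PutYourContainerName";
    // Key size raised from 1024 to 2048: 1024-bit RSA is below the minimum that
    // public CAs, browsers and NIST guidance accept today. The Enhanced CSP
    // supports this length.
    privateKey.Length = 2048;
    privateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
    privateKey.CspInformations = cspCollection;
    // ExportPolicy is deliberately not set here, so the provider default applies
    // (the key is not marked exportable by this code).
    privateKey.Create();

    // Subject name; XCN_CERT_NAME_STR_NONE means default string-to-name parsing.
    subject.Encode("CN=YourName", X500NameFlags.XCN_CERT_NAME_STR_NONE);

    // User-context request with no certificate template.
    request.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, privateKey, "");
    // Drop the default extensions CertEnroll would otherwise add to the request.
    request.SuppressDefaults = true;
    request.Subject = subject;
    request.Encode();

    // Emit the DER request as base64 (no PEM header/footer with this encoding type).
    string base64Request = request.get_RawData(EncodingType.XCN_CRYPT_STRING_BASE64);
    Console.Write(base64Request);
    Console.ReadKey();
    return;
}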
static void Main()
{
    // Generate an ECDSA P-256 key in the software KSP, build a PKCS#10 request
    // for it signed with SHA-384, and print the request base64-encoded.
    // Sample code: the subject name is a placeholder.
    CObjectId keyAlgorithm = new CObjectIdClass();
    CObjectId hashAlgorithm = new CObjectIdClass();

    // Algorithm identifiers for the key pair and for the request signature hash.
    keyAlgorithm.InitializeFromAlgorithmName(
        ObjectIdGroupId.XCN_CRYPT_PUBKEY_ALG_OID_GROUP_ID,
        ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY,
        AlgorithmFlags.AlgorithmFlagsNone,
        "ECDSA_P256");
    hashAlgorithm.InitializeFromAlgorithmName(
        ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID,
        ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY,
        AlgorithmFlags.AlgorithmFlagsNone,
        "SHA384");

    // CNG key: provider name plus algorithm OID is all the key object needs.
    // No ExportPolicy is set, so the provider default applies.
    CX509PrivateKey privateKey = new CX509PrivateKeyClass();
    privateKey.ProviderName = "Microsoft Software Key Storage Provider";
    privateKey.Algorithm = keyAlgorithm;
    privateKey.Create();

    CX500DistinguishedName subject = new CX500DistinguishedNameClass();
    subject.Encode("CN=YourName", X500NameFlags.XCN_CERT_NAME_STR_NONE);

    // User-context request, no template; default extensions suppressed.
    CX509CertificateRequestPkcs10 request = new CX509CertificateRequestPkcs10Class();
    request.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, privateKey, "");
    request.SuppressDefaults = true;
    request.HashAlgorithm = hashAlgorithm;
    request.Subject = subject;
    request.Encode();

    string encodedRequest = request.get_RawData(EncodingType.XCN_CRYPT_STRING_BASE64);
    Console.Write(encodedRequest);
    Console.ReadKey();
    return;
}
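/// <summary>
/// Generates an RSA key pair in the machine context and a PKCS#10 request for it,
/// storing the base64 request (with PEM request header/footer) in <c>cert.CSR</c>.
/// On any failure the error is logged and the method returns normally, so callers
/// must check that <c>cert.CSR</c> was actually populated.
/// </summary>
/// <param name="cert">Supplies the key length, subject fields and friendly name;
/// receives the CSR. Subject fields are treated as untrusted and quoted.</param>
public void GenerateCsr(SSLCertificate cert)
{
    CX509CertificateRequestPkcs10 pkcs10 = new CX509CertificateRequestPkcs10Class();
    CX509PrivateKey privateKey = new CX509PrivateKeyClass();
    CCspInformation csp = new CCspInformationClass();
    CCspInformations csPs = new CCspInformationsClass();
    CX500DistinguishedName dn = new CX500DistinguishedNameClass();
    CX509Enrollment enroll = new CX509EnrollmentClass();
    CObjectIds objectIds = new CObjectIdsClass();
    CObjectId clientObjectId = new CObjectIdClass();
    CObjectId serverObjectId = new CObjectIdClass();
    CX509ExtensionKeyUsage extensionKeyUsage = new CX509ExtensionKeyUsageClass();
    CX509ExtensionEnhancedKeyUsage x509ExtensionEnhancedKeyUsage = new CX509ExtensionEnhancedKeyUsageClass();

    try
    {
        // Legacy CSP used by SChannel; passed as a one-element collection.
        csp.InitializeFromName("Microsoft RSA SChannel Cryptographic Provider");
        csPs.Add(csp);

        privateKey.Length = cert.CSRLength;
        // NOTE(review): KeySpec is AT_SIGNATURE while the key-usage extension below
        // asserts keyEncipherment and the EKU includes serverAuth. For legacy-CSP
        // RSA keys used by SChannel the key-exchange spec is normally required;
        // confirm against the target TLS stack before relying on this key for TLS.
        privateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
        privateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
        // SECURITY: the key is marked exportable in PLAINTEXT. This is needed only
        // because the private key is copied onto the cert object below; anything
        // that can read that object (or the key container) can take the key.
        // Keep this policy as narrow as the consumer allows.
        privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG
                                | X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;
        privateKey.MachineContext = true;
        privateKey.CspInformations = csPs;
        privateKey.Create();

        // Machine-context request, no certificate template.
        pkcs10.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
        // NOTE(review): ToString() on a COM interop wrapper does not serialize key
        // material; verify what SSLCertificate.PrivateKey is expected to hold
        // (an exported key blob?) and whether persisting it here is intended.
        cert.PrivateKey = privateKey.ToString();

        // Key Usage: signing, non-repudiation, key and data encipherment.
        extensionKeyUsage.InitializeEncode(
            CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE
            | CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE
            | CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE
            | CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE);
        pkcs10.X509Extensions.Add((CX509Extension)extensionKeyUsage);

        // Enhanced Key Usage: id-kp-clientAuth and id-kp-serverAuth.
        clientObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2");
        objectIds.Add(clientObjectId);
        serverObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.1");
        objectIds.Add(serverObjectId);
        x509ExtensionEnhancedKeyUsage.InitializeEncode(objectIds);
        pkcs10.X509Extensions.Add((CX509Extension)x509ExtensionEnhancedKeyUsage);

        // Subject name. Each value is quoted so that a comma, '+', '=' or quote in a
        // caller-supplied field (these come from the cert object, presumably user
        // input) cannot terminate the RDN early or inject additional attributes.
        string request = String.Format(@"CN={0}, O={1}, OU={2}, L={3}, S={4}, C={5}",
            QuoteRdnValue(cert.Hostname),
            QuoteRdnValue(cert.Organisation),
            QuoteRdnValue(cert.OrganisationUnit),
            QuoteRdnValue(cert.City),
            QuoteRdnValue(cert.State),
            QuoteRdnValue(cert.Country));
        dn.Encode(request, X500NameFlags.XCN_CERT_NAME_STR_NONE);
        pkcs10.Subject = dn;

        // Wrap the request in an enrollment object and emit it as PEM-style base64
        // with the "BEGIN NEW CERTIFICATE REQUEST" header/footer.
        enroll.InitializeFromRequest(pkcs10);
        enroll.CertificateFriendlyName = cert.FriendlyName;
        cert.CSR = enroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64REQUESTHEADER);
    }
    catch (Exception ex)
    {
        // Best-effort contract kept: the failure is logged and cert.CSR stays unset.
        Log.WriteError("Error creating CSR", ex);
    }
}

/// <summary>
/// Quotes a single RDN value for X.500 string-to-name parsing: wraps it in double
/// quotes and doubles any embedded double quote. A null value becomes "".
/// </summary>
private static string QuoteRdnValue(string value)
{
    string text = value ?? string.Empty;
    return "\"" + text.Replace("\"", "\"\"") + "\"";
}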