} // End Sub GenerateRootCertificate public static Org.BouncyCastle.X509.X509Certificate SelfSignSslCertificate( Org.BouncyCastle.Security.SecureRandom random , Org.BouncyCastle.X509.X509Certificate caRoot , Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey , Org.BouncyCastle.Crypto.AsymmetricKeyParameter rootCertPrivateKey ) // PrivatePublicPemKeyPair subjectKeyPair) { Org.BouncyCastle.X509.X509Certificate caSsl = null; string countryIso2Characters = "GA"; string stateOrProvince = "Aremorica"; string localityOrCity = "Erquy, Bretagne"; string companyName = "Coopérative Ménhir Obelix Gmbh & Co. KGaA"; string division = "Neanderthal Technology Group (NT)"; string domainName = "localhost"; domainName = "*.sql.guru"; domainName = "localhost"; string email = "webmaster@localhost"; CertificateInfo ci = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(5) ); ci.AddAlternativeNames("localhost", System.Environment.MachineName, "127.0.0.1", "sql.guru", "*.sql.guru", "example.int", "foo.int", "bar.int", "foobar.int", "*.com"); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, random); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, random); caSsl = CerGenerator.GenerateSslCertificate( ci , subjectPublicKey , rootCertPrivateKey , caRoot , random ); /* * PfxGenerator.CreatePfxFile(@"obelix.pfx", caSsl, kp1.Private, ""); * CerGenerator.WritePrivatePublicKey("obelix", ci.SubjectKeyPair); * * * CerGenerator.WriteCerAndCrt(@"ca", caRoot); * CerGenerator.WriteCerAndCrt(@"obelix", caSsl); */ return(caSsl); } // End Sub SelfSignSslCertificate
private static Org.BouncyCastle.X509.X509Certificate SelfSignSslCertificate( Org.BouncyCastle.Security.SecureRandom random , Org.BouncyCastle.X509.X509Certificate caRoot , Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey , Org.BouncyCastle.Crypto.AsymmetricKeyParameter rootCertPrivateKey , string[] alternativeNames ) { Org.BouncyCastle.X509.X509Certificate caSsl = null; string countryIso2Characters = "GA"; string stateOrProvince = "Aremorica"; string localityOrCity = "Erquy, Bretagne"; string companyName = "Coopérative Ménhir Obelix Gmbh & Co. KGaA"; string division = "Neanderthal Technology Group (NT)"; string domainName = "localhost"; string email = "webmaster@localhost"; CertificateInfo ci = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(50) ); ci.AddAlternativeNames(alternativeNames); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, random); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, random); caSsl = CerGenerator.GenerateSslCertificate( ci , subjectPublicKey , rootCertPrivateKey , caRoot , random ); return(caSsl); } // End Sub SelfSignSslCertificate
} // End Sub Test public static void SelfSignSslCertificate(Org.BouncyCastle.Security.SecureRandom random, Org.BouncyCastle.X509.X509Certificate caRoot, Org.BouncyCastle.Crypto.AsymmetricKeyParameter rootCertPrivateKey) // PrivatePublicPemKeyPair subjectKeyPair) { Org.BouncyCastle.X509.X509Certificate caSsl = null; string countryIso2Characters = "GA"; string stateOrProvince = "Aremorica"; string localityOrCity = "Erquy, Bretagne"; string companyName = "Coopérative Ménhir Obelix Gmbh & Co. KGaA"; string division = "NT (Neanderthal Technology)"; string domainName = "localhost"; domainName = "*.sql.guru"; domainName = "localhost"; string email = "webmaster@localhost"; CertificateInfo ci = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(5) ); ci.AddAlternativeNames("localhost", System.Environment.MachineName, "127.0.0.1", "sql.guru", "*.sql.guru"); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, random); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, random); ci.SubjectKeyPair = KeyImportExport.GetPemKeyPair(kp1); // ci.IssuerKeyPair.PrivateKey = rootCert.PrivateKey; // caSsl = CerGenerator.GenerateSslCertificate(ci, random, caRoot); Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey = null; // This is the private key of the root certificate Org.BouncyCastle.Crypto.AsymmetricKeyParameter issuerPrivateKey = null; caSsl = CerGenerator.GenerateSslCertificate( ci , subjectPublicKey , issuerPrivateKey , caRoot , random ); CertificateToDerPem(caSsl); // Just to clarify, an X.509 certificate does not contain the private key // The whole point of using certificates is to send them more or less openly, // without sending the private key, which must be kept secret. // An X509Certificate2 object may have a private key associated with it (via its PrivateKey property), // but that's only a convenience as part of the design of this class. // System.Security.Cryptography.X509Certificates.X509Certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(caRoot.GetEncoded()); // System.Console.WriteLine(cc.PublicKey); // System.Console.WriteLine(cc.PrivateKey); bool val = CerGenerator.ValidateSelfSignedCert(caSsl, caRoot.GetPublicKey()); System.Console.WriteLine(val); PfxGenerator.CreatePfxFile(@"obelix.pfx", caSsl, kp1.Private, ""); CerGenerator.WritePrivatePublicKey("obelix", ci.SubjectKeyPair); CerGenerator.WriteCerAndCrt(@"ca", caRoot); CerGenerator.WriteCerAndCrt(@"obelix", caSsl); } // End Sub SelfSignSslCertificate