} // End Sub SelfSignSslCertificate // https://stackoverflow.com/questions/51703109/nginx-the-ssl-directive-is-deprecated-use-the-listen-ssl public static Org.BouncyCastle.X509.X509Certificate GenerateRootCertificate() { string countryIso2Characters = "EA"; string stateOrProvince = "Europe"; string localityOrCity = "NeutralZone"; string companyName = "Skynet Earth Inc."; string division = "Skynet mbH"; string domainName = "Skynet"; string email = "*****@*****.**"; Org.BouncyCastle.Security.SecureRandom sr = new Org.BouncyCastle.Security.SecureRandom(NonBackdooredPrng.Create()); Org.BouncyCastle.X509.X509Certificate caRoot = null; Org.BouncyCastle.X509.X509Certificate caSsl = null; // string curveName = "curve25519"; curveName = "secp256k1"; CertificateInfo caCertInfo = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(5) ); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, sr); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, sr); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, sr); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, sr); // kp1 = KeyGenerator.GenerateGhostKeyPair(4096, s_secureRandom.Value); caCertInfo.SubjectKeyPair = KeyImportExport.GetPemKeyPair(kp1); caCertInfo.IssuerKeyPair = KeyImportExport.GetPemKeyPair(kp1); caRoot = CerGenerator.GenerateRootCertificate(caCertInfo, sr); PfxGenerator.CreatePfxFile(@"ca.pfx", caRoot, kp1.Private, null); CerGenerator.WritePrivatePublicKey("issuer", caCertInfo.IssuerKeyPair); return(caRoot); } // End Sub GenerateRootCertificate
} // End Sub Test public static void SelfSignSslCertificate(Org.BouncyCastle.Security.SecureRandom random, Org.BouncyCastle.X509.X509Certificate caRoot, Org.BouncyCastle.Crypto.AsymmetricKeyParameter rootCertPrivateKey) // PrivatePublicPemKeyPair subjectKeyPair) { Org.BouncyCastle.X509.X509Certificate caSsl = null; string countryIso2Characters = "GA"; string stateOrProvince = "Aremorica"; string localityOrCity = "Erquy, Bretagne"; string companyName = "Coopérative Ménhir Obelix Gmbh & Co. KGaA"; string division = "NT (Neanderthal Technology)"; string domainName = "localhost"; domainName = "*.sql.guru"; domainName = "localhost"; string email = "webmaster@localhost"; CertificateInfo ci = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(5) ); ci.AddAlternativeNames("localhost", System.Environment.MachineName, "127.0.0.1", "sql.guru", "*.sql.guru"); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, random); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, random); ci.SubjectKeyPair = KeyImportExport.GetPemKeyPair(kp1); // ci.IssuerKeyPair.PrivateKey = rootCert.PrivateKey; // caSsl = CerGenerator.GenerateSslCertificate(ci, random, caRoot); Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey = null; // This is the private key of the root certificate Org.BouncyCastle.Crypto.AsymmetricKeyParameter issuerPrivateKey = null; caSsl = CerGenerator.GenerateSslCertificate( ci , subjectPublicKey , issuerPrivateKey , caRoot , random ); CertificateToDerPem(caSsl); // Just to clarify, an X.509 certificate does not contain the private key // The whole point of using certificates is to send them more or less openly, // without sending the private key, which must be kept secret. // An X509Certificate2 object may have a private key associated with it (via its PrivateKey property), // but that's only a convenience as part of the design of this class. // System.Security.Cryptography.X509Certificates.X509Certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(caRoot.GetEncoded()); // System.Console.WriteLine(cc.PublicKey); // System.Console.WriteLine(cc.PrivateKey); bool val = CerGenerator.ValidateSelfSignedCert(caSsl, caRoot.GetPublicKey()); System.Console.WriteLine(val); PfxGenerator.CreatePfxFile(@"obelix.pfx", caSsl, kp1.Private, ""); CerGenerator.WritePrivatePublicKey("obelix", ci.SubjectKeyPair); CerGenerator.WriteCerAndCrt(@"ca", caRoot); CerGenerator.WriteCerAndCrt(@"obelix", caSsl); } // End Sub SelfSignSslCertificate