public string CreateECDsaCertificatePFX(string dnsName, DateTimeOffset validFrom, DateTimeOffset validTo, string password)
{
var basicConstraints = new BasicConstraints
{
CertificateAuthority = false,
HasPathLengthConstraint = false,
PathLengthConstraint = 0,
Critical = false
};
var san = new SubjectAlternativeName
{
DnsName = new List <string> {
dnsName
}
};
var x509KeyUsageFlags = X509KeyUsageFlags.DigitalSignature;
// only if certification authentication is used
var enhancedKeyUsages = new OidCollection {
new Oid("1.3.6.1.5.5.7.3.1"), // TLS Server auth
new Oid("1.3.6.1.5.5.7.3.2"), // TLS Client auth
};
var certificate = _createCertificates.NewECDsaSelfSignedCertificate(
new DistinguishedName {
CommonName = dnsName
},
basicConstraints,
new ValidityPeriod
{
ValidFrom = validFrom,
ValidTo = validTo
},
san,
enhancedKeyUsages,
x509KeyUsageFlags,
new ECDsaConfiguration()
{
});
var ecdsaCertPfxBytes = _importExportCertificate.ExportSelfSignedCertificatePfx(password, certificate);
var pfxBase64 = Convert.ToBase64String(ecdsaCertPfxBytes);
return(pfxBase64);
}
public void CreateCert()
{
ServiceProvider sp = new ServiceCollection()
.AddCertificateManager()
.BuildServiceProvider();
_cc = sp.GetService <CreateCertificates>();
X509Certificate2 oldRsaCert = CreateRsaCertificate("localhost_IS_test_old", 1);
X509Certificate2 rsaCert = CreateRsaCertificate("localhost_IS_test", 10);
string password = "******";
ImportExportCertificate iec = sp.GetService <ImportExportCertificate>();
RsaCertPfxBytes =
iec.ExportSelfSignedCertificatePfx(password, rsaCert);
byte[] OldRsaCertPfxBytes =
iec.ExportSelfSignedCertificatePfx(password, oldRsaCert);
Certificate = new X509Certificate2(RsaCertPfxBytes, password);
OldCertificate = new X509Certificate2(OldRsaCertPfxBytes, password);
}