private static X509Certificate Sign(CertificationRequestInfo csr, X509Certificate authority)
{
return(new X509Certificate {
Tbs =
{
SignatureAlgorithm = X509AlgorithmIdentifier.Sha256Rsa,
Validity = new X509Validity {
NotBefore = DateTimeOffset.UtcNow,
NotAfter = DateTimeOffset.UtcNow.AddDays(5)
},
Subject = csr.Subject,
SubjectPublicKeyInfo = csr.SubjectPublicKeyInfo
},
}.AddExtensions(csr.RequestedExtensions).SetIssuer(authority).GenerateSerialNumber().SetSubjectKeyIdentifier(csr.SubjectPublicKeyInfo.GenerateIdentifier()).SignWith(authority));
}
private static X509Certificate GenerateIntermediateCertificate(X509Certificate root)
{
var intermediatePrivateKey = new RsaPrivateKey(2048);
var csr = new CertificationRequestInfo {
Subject = new X509Name {
CommonName = "Intermediate CA",
Organization = "EasySSL"
},
SubjectPublicKeyInfo = intermediatePrivateKey.CreatePublicKey().GetSubjectPublicKeyInfo()
}.SetBasicConstraint(new BasicConstraintExtension {
Authority = true,
PathLengthConstraint = 2
}).SetAuthorityInfoAccess(new AuthorityInfoAccessExtension {
Methods =
{
new AuthorityAccessDescription {
Url = "http://ssl.vcap.me/ca.crt"
}
}
});
return(Sign(csr, root).SetPrivateKey(intermediatePrivateKey));
}