public static void CreateSSL(CertificateOptions options) { if (CertHelper.ExistsValidCert(options.FriendlyName) == false) { options.Thumbprint = Certificate.Create(options).Thumbprint; Command.RegisterSSLToUrl(options); } }
public static void RegisterSSLToUrl(CertificateOptions options) { var sslCert = ExecuteCommand("netsh http show sslcert 0.0.0.0:62189"); if (sslCert.IndexOf(options.AppID, StringComparison.OrdinalIgnoreCase) >= 0) { ExecuteCommand("netsh http delete sslcert ipport=0.0.0.0:62189"); } ExecuteCommand(string.Concat("netsh http add urlacl url=", options.URL)); ExecuteCommand($"netsh http add sslcert ipport=0.0.0.0:62189 certhash={options.Thumbprint} appid={{{options.AppID}}}"); }
public static X509Certificate2 Create(CertificateOptions options) { SubjectAlternativeNameBuilder sanBuilder = new SubjectAlternativeNameBuilder(); sanBuilder.AddIpAddress(IPAddress.Loopback); sanBuilder.AddIpAddress(IPAddress.IPv6Loopback); sanBuilder.AddDnsName("localhost"); sanBuilder.AddDnsName(options.Issuer); X500DistinguishedName distinguishedName = new X500DistinguishedName($"CN=" + options.Issuer); var csp = new CspParameters { Flags = CspProviderFlags.UseArchivableKey | CspProviderFlags.UseMachineKeyStore }; using (RSA rsa = new RSACryptoServiceProvider(2048, csp)) { CertificateRequest req = new CertificateRequest(distinguishedName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); req.CertificateExtensions.Add(sanBuilder.Build()); req.CertificateExtensions.Add( new X509BasicConstraintsExtension(false, false, 0, false)); req.CertificateExtensions.Add( new X509KeyUsageExtension(X509KeyUsageFlags.KeyAgreement | X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment, false)); req.CertificateExtensions.Add( new X509EnhancedKeyUsageExtension(new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, true)); req.CertificateExtensions.Add( new X509SubjectKeyIdentifierExtension(req.PublicKey, false)); X509Certificate2 CA = CreateCA(options); X509Certificate2 cert = req.Create( CA, CA.NotBefore, CA.NotAfter, CertHelper.SerialNumber.ToByteArray()); X509Certificate2 certWithPK = cert.CopyWithPrivateKey(rsa); certWithPK.FriendlyName = options.FriendlyName; X509Certificate2 certificate = new X509Certificate2(certWithPK.Export(X509ContentType.Pfx, options.Password), options.Password, X509KeyStorageFlags.MachineKeySet); CertHelper.AddToMyStore(certificate); return(certificate); } }
private static X509Certificate2 CreateCA(CertificateOptions options) { string CAFilePath = options.ExportDirectory + "\\" + options.CACertName; bool create = false; if (File.Exists(CAFilePath) == true) { X509Certificate2 CA = new X509Certificate2(CAFilePath, options.Password, X509KeyStorageFlags.Exportable); if (CertHelper.IsExpired(CA) == false) { return(CA); } else { create = true; } } else { create = true; } if (create) { X500DistinguishedName distinguishedName = new X500DistinguishedName($"CN=" + string.Concat(options.FriendlyName, options.Suffix)); using (RSA rsa = RSA.Create(2048)) { CertificateRequest parentReq = new CertificateRequest(distinguishedName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); parentReq.CertificateExtensions.Add( new X509BasicConstraintsExtension(true, true, 1, true)); parentReq.CertificateExtensions.Add( new X509SubjectKeyIdentifierExtension(parentReq.PublicKey, false)); parentReq.CertificateExtensions.Add( new X509EnhancedKeyUsageExtension(new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, true)); parentReq.CertificateExtensions.Add( new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.DigitalSignature, false)); X509Certificate2 caCert = parentReq.CreateSelfSigned(new DateTimeOffset(options.ValidStartDate), new DateTimeOffset(options.ValidEndDate)); caCert.FriendlyName = string.Concat(options.FriendlyName, options.Suffix); byte[] caExported = caCert.Export(X509ContentType.Pfx, options.Password); using (Stream stream = File.Create(CAFilePath)) { stream.Write(caExported, 0, caExported.Length); } return(new X509Certificate2(caCert.Export(X509ContentType.Pfx, options.Password), options.Password, X509KeyStorageFlags.MachineKeySet)); } } else { return(null); } }