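/// <summary>
/// Packages a certificate together with its private key as a PKCS#12 (PFX) blob
/// by converting both to their BouncyCastle forms and delegating to the
/// BouncyCastle <c>ToPfx</c> overload.
/// </summary>
/// <param name="certificate">The certificate to package. Must not be null.</param>
/// <param name="privateKey">The private key belonging to <paramref name="certificate"/>. Must not be null.</param>
/// <param name="password">
/// Password forwarded unchanged to the underlying <c>ToPfx</c> overload.
/// NOTE(review): the default is null, which is passed straight through — confirm how the
/// underlying overload treats a null password before relying on this to protect a private
/// key at rest; an unencrypted PFX exposes the key to anyone who can read the file.
/// </param>
/// <returns>The PFX bytes produced by the underlying overload.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="certificate"/> or <paramref name="privateKey"/> is null.
/// </exception>
public static byte[] ToPfx(this X509Certificate2 certificate, Key privateKey, string password = null)
{
    // Fail with a clear argument error instead of a NullReferenceException from the conversion helpers.
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }
    if (privateKey == null)
    {
        throw new ArgumentNullException(nameof(privateKey));
    }

    var bouncyCertificate = certificate.ToX509Certificate();
    return bouncyCertificate.ToPfx(privateKey.ToAsymmetricKeyParameter(), password);
}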
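/// <summary>
/// Builds an end-entity X.509 v3 certificate signed by the issuer certificate loaded from
/// <c>IssuerCertificate</c> / <c>IssuerCertificatePassword</c>. A fresh RSA key pair of
/// <c>KeySize</c> bits is generated for the subject; subject DN, serial number and validity
/// are expected to have been set on <c>X509V3CertificateGenerator</c> before this call.
/// </summary>
/// <returns>The generated certificate together with the subject's new private key.</returns>
/// <exception cref="InvalidOperationException">
/// The issuer PFX carries no private key, or neither <c>IsServerAuthKeyUsage</c> nor
/// <c>IsClientAuthKeyUsage</c> is set (the certificate would have no stated purpose).
/// </exception>
public override X509CertificateBuilderResult Build()
{
    // The issuer certificate holds an OS key handle (loaded Exportable so the signing key
    // can be read); dispose it as soon as the signature has been produced.
    using (var issuerX509Certificate2 = new SystemX509Certificates.X509Certificate2(
        IssuerCertificate,
        IssuerCertificatePassword,
        SystemX509Certificates.X509KeyStorageFlags.Exportable))
    {
        // Fail early with a clear message rather than inside the signature factory.
        if (!issuerX509Certificate2.HasPrivateKey)
        {
            throw new InvalidOperationException("The issuer certificate does not contain a private key and cannot sign.");
        }

        var issuerSubjectDN = issuerX509Certificate2.ToX509Certificate().SubjectDN;
        X509V3CertificateGenerator.SetIssuerDN(issuerSubjectDN);

        // Generate the subject key pair.
        // NOTE(review): no lower bound is enforced on KeySize here; callers should not pass
        // anything below 2048 bits for an RSA key.
        var keyPairGenerator = new RsaKeyPairGenerator();
        keyPairGenerator.Init(new KeyGenerationParameters(
            new SecureRandom(new CryptoApiRandomGenerator()),
            this.KeySize));
        var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
        X509V3CertificateGenerator.SetPublicKey(subjectKeyPair.Public);

        // Key Usage (critical). All four flags are kept for interoperability, as before.
        // NOTE(review): NonRepudiation and KeyAgreement are broader than an RSA TLS leaf needs
        // (RFC 5280 ties keyAgreement to DH/ECDH keys); DigitalSignature | KeyEncipherment
        // would be the least-privilege choice if interoperability allows it.
        var keyUsageFlags = KeyUsage.DigitalSignature
            | KeyUsage.NonRepudiation
            | KeyUsage.KeyEncipherment
            | KeyUsage.KeyAgreement;
        X509V3CertificateGenerator.AddExtension(
            X509Extensions.KeyUsage,
            true,
            new KeyUsage(keyUsageFlags));

        // Basic Constraints (critical): end-entity only, this builder never issues CA certificates.
        X509V3CertificateGenerator.AddExtension(
            X509Extensions.BasicConstraints,
            true,
            new BasicConstraints(false));

        // Extended Key Usage (critical).
        var purposes = new List<KeyPurposeID>();
        if (IsServerAuthKeyUsage)
        {
            // TLS Web Server Authentication (1.3.6.1.5.5.7.3.1).
            purposes.Add(KeyPurposeID.IdKPServerAuth);
        }
        if (IsClientAuthKeyUsage)
        {
            // TLS Web Client Authentication (1.3.6.1.5.5.7.3.2).
            purposes.Add(KeyPurposeID.IdKPClientAuth);
        }
        if (purposes.Count == 0)
        {
            // RFC 5280 defines ExtKeyUsageSyntax as SEQUENCE SIZE (1..MAX): an empty critical
            // EKU is malformed, and a certificate with no stated purpose should not be issued.
            throw new InvalidOperationException("At least one of IsServerAuthKeyUsage or IsClientAuthKeyUsage must be set.");
        }
        X509V3CertificateGenerator.AddExtension(
            X509Extensions.ExtendedKeyUsage,
            true,
            new ExtendedKeyUsage(purposes));

        // Subject Alternative Names (non-critical). Skipped when there are none, because
        // GeneralNames is SEQUENCE SIZE (1..MAX) and an empty SAN extension is malformed.
        // NOTE(review): every entry is encoded as dNSName; an IP address in this list would
        // need GeneralName.IPAddress to be matched by TLS clients.
        if (SubjectAlternativeNames != null && SubjectAlternativeNames.Count > 0)
        {
            var generalNames = new Asn1Encodable[SubjectAlternativeNames.Count];
            for (int i = 0; i < SubjectAlternativeNames.Count; i++)
            {
                generalNames[i] = new GeneralName(GeneralName.DnsName, SubjectAlternativeNames[i]);
            }
            X509V3CertificateGenerator.AddExtension(
                X509Extensions.SubjectAlternativeName,
                false,
                new DerSequence(generalNames));
        }

        // Authority Key Identifier: issuer key id, issuer name and issuer serial.
        // X509Certificate.GetSerialNumber() returns the serial as little-endian bytes, which
        // BouncyCastle's BigInteger(byte[]) would read as big-endian two's complement — i.e.
        // byte-reversed and possibly negative. SerialNumber is the big-endian hex string, so
        // parse that instead to embed the issuer's real serial.
        var issuerSerial = new Org.BouncyCastle.Math.BigInteger(issuerX509Certificate2.SerialNumber, 16);
        X509V3CertificateGenerator.AddExtension(
            X509Extensions.AuthorityKeyIdentifier,
            false,
            new AuthorityKeyIdentifier(
                SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerX509Certificate2.GetPublicKeyAsAsymmetricKeyParameter()),
                new GeneralNames(new GeneralName(issuerSubjectDN)),
                issuerSerial));

        // Subject Key Identifier derived from the freshly generated public key.
        X509V3CertificateGenerator.AddExtension(
            X509Extensions.SubjectKeyIdentifier,
            false,
            new SubjectKeyIdentifier(
                SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public)));

        // Sign with the issuer's private key; the algorithm is chosen from the key size.
        var signatureFactory = new Asn1SignatureFactory(
            GetSignatureAlgorithm(this.KeySize),
            issuerX509Certificate2.GetPrivateKeyAsAsymmetricKeyParameter());
        var x509Certificate = X509V3CertificateGenerator.Generate(signatureFactory);

        return new X509CertificateBuilderResult(x509Certificate, subjectKeyPair.Private);
    }
}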