How to Create Self-Signed Certificates in C#?

Create a self-signed certificate using C#

In C#, you can easily generate a self-signed certificate using the System.Security.Cryptography.X509Certificates.CertificateRequest class. This method provides a straightforward and platform-specific way to create certificates suitable for local encryption purposes.

The

certificate creation process first instantiates a ECDsa object, which represents an asymmetric key pair. Then, create an CertificateRequest instance with the necessary certificate information, including the applicant name, key algorithm, and hash algorithm.

The final step is to create the self-signed certificate by calling the CreateSelfSigned method. This method sets the certificate with a start and end date and generates a valid X.509 certificate.

In order to store the private key in a PFX certificate (PKCS #12), use Export(X509ContentType.Pfx, "密码") to export the certificate. This allows the private key to be protected with a password.

Additionally, by exporting the certificate using Export(X509ContentType.Cert) you can create a Base64 encoded CER file containing only the public key. This is useful if you want to share the certificate publicly or reuse the public key from other applications.

The following code example demonstrates the entire process:

<code class="language-csharp">using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public class CertificateUtil
{
    public static void MakeCert()
    {
        var ecdsa = ECDsa.Create(); // 生成非对称密钥对
        var req = new CertificateRequest("cn=foobar", ecdsa, HashAlgorithmName.SHA256);
        var cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(5));

        // 创建包含私钥的PFX (PKCS #12) 文件
        File.WriteAllBytes("c:\temp\mycert.pfx", cert.Export(X509ContentType.Pfx, "P@55w0rd"));

        // 创建Base64编码的CER (仅包含公钥) 文件
        File.WriteAllText("c:\temp\mycert.cer",
            "-----BEGIN CERTIFICATE-----\r\n"
            + Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)
            + "\r\n-----END CERTIFICATE-----");
    }
}</code>

This example generates a self-signed certificate with the private key stored in PFX format and the public key stored in Base64-encoded CER format. These certificates can be imported into the Windows certificate store or used for data encryption or decryption in local applications.

The above is the detailed content of How to Create Self-Signed Certificates in C#?. For more information, please follow other related articles on the PHP Chinese website!