How Can I Easily Create Self-Signed Certificates in C# Using .NET 4.7.2 and Above?

Create a self-signed certificate in C#

Creating a self-signed certificate in C# is a convenient solution for local encryption and other non-communication purposes. While the P/Invoke method involving Crypt32.dll is typically used, this post explores a simpler method using the System.Security.Cryptography.X509Certificates namespace (available in .NET 4.7.2 and later).

Avoid using P/Invoke

We can use the CertificateRequest class to create certificates instead of relying on P/Invoke. This approach simplifies the process, reduces the need for complex parameters, and ensures a more straightforward solution.

Generate certificate

To create a self-signed certificate, follow these steps:

1. Use ECDsa.Create() to generate an asymmetric key pair.
2. Use the CertificateRequest object to initialize the request using the required common name (CN), key pair and hash algorithm.
3. Call CreateSelfSigned to generate a certificate with a specified validity period.

Export Certificate

Once the certificate is generated, it can be exported to various formats:

• PFX (PKCS #12): Contains public and private keys.

  <code class="language-csharp">  File.WriteAllBytes("c:\temp\mycert.pfx", cert.Export(X509ContentType.Pfx, "P@55w0rd"));</code>

• CER (public key only): Base64 encoded certificate that does not contain the private key.

  <code class="language-csharp">  File.WriteAllText("c:\temp\mycert.cer", Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks) + "\r\n-----END CERTIFICATE-----");</code>

The above is the detailed content of How Can I Easily Create Self-Signed Certificates in C# Using .NET 4.7.2 and Above?. For more information, please follow other related articles on the PHP Chinese website!