如何使用C＃创建自签名证书？

如何使用C＃创建自签名证书？

此实现使用

CX509CertificateRequestCertificate

COM对象（和其朋友-MSDN
doc
）

certenroll.dll

创建自签名证书请求并对其进行签名。

下面的示例非常简单（如果您忽略此处出现的COM内容），并且代码中的某些部分实际上是可选的（例如EKU），这些部分仍然有用且易于使用适应您的使用。

public static X509Certificate2 CreateSelfSignedCertificate(string subjectName){    // create DN for subject and issuer    var dn = new CX500DistinguishedName();    dn.Enpre("CN=" + subjectName, X500NameFlags.XCN_CERT_NAME_STR_NONE);    // create a new private key for the certificate    CX509PrivateKey privateKey = new CX509PrivateKey();    privateKey.ProviderName = "Microsoft base Cryptographic Provider v1.0";    privateKey.MachineContext = true;    privateKey.Length = 2048;    privateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE; // use is not limited    privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG;    privateKey.Create();    // Use the stronger SHA512 hashing algorithm    var hashobj = new CObjectId();    hashobj.InitializeFromAlgorithmName(ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID,        ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY,         AlgorithmFlags.AlgorithmFlagsNone, "SHA512");    // add extended key usage if you want - look at MSDN for a list of possible OIDs    var oid = new CObjectId();    oid.InitializeFromValue("1.3.6.1.5.5.7.3.1"); // SSL server    var oidlist = new CObjectIds();    oidlist.Add(oid);    var eku = new CX509ExtensionEnhancedKeyUsage();    eku.InitializeEnpre(oidlist);    // Create the self signing request    var cert = new CX509CertificateRequestCertificate();    cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");    cert.Subject = dn;    cert.Issuer = dn; // the issuer and the subject are the same    cert.NotBefore = DateTime.Now;    // this cert expires immediately. Change to whatever makes sense for you    cert.NotAfter = DateTime.Now;     cert.X509Extensions.Add((CX509Extension)eku); // add the EKU    cert.HashAlgorithm = hashobj; // Specify the hashing algorithm    cert.Enpre(); // enpre the certificate    // Do the final enrollment process    var enroll = new CX509Enrollment();    enroll.InitializeFromRequest(cert); // load the certificate    enroll.CertificateFriendlyName = subjectName; // Optional: add a friendly name    string csr = enroll.CreateRequest(); // Output the request in base64    // and install it back as the response    enroll.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedCertificate,        csr, EncodingType.XCN_CRYPT_STRING_base64, ""); // no password    // output a base64 enpred PKCS#12 so we can import it back to the .Net security classes    var base64enpred = enroll.CreatePFX("", // no password, this is for internal consumption        PFXExportOptions.PFXExportChainWithRoot);    // instantiate the target class with the PKCS#12 data (and the empty password)    return new System.Security.Cryptography.X509Certificates.X509Certificate2(        System.Convert.Frombase64String(base64enpred), "",         // mark the private key as exportable (this is usually what you want to do)        System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable    );}

可以

X509Store

使用这些

X509Certificate2

方法将结果添加到证书存储中或将其导出。

对于一个全面管理，而不是依赖于微软的平台，如果你使用Mono的许可OK，那么你可以看看X509CertificateBuilder从Mono.Security。Mono.Security是Mono的独立产品，它不需要Mono的其余部分即可运行，并且可以在任何兼容的.Net环境（例如Microsoft的实现）中使用。