Creating a self-signed certificate in C#

re: Creating a self-signed certificate in C#

mohit — Thu, 22 Jan 2009 23:37:50 GMT

I have been through you code. Can you please give comment to what and why for the above bullet points and also when i created certificate using the given class i get following error:

Certificate status

This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.

But being a selfsigned certificate the status should be ok. The same way when we create a certificate with IIS.

Please help

Thanks

mohit

mohit_raghav at hotmail dot com

re: Creating a self-signed certificate in C#

jclary — Fri, 23 Jan 2009 02:30:35 GMT

Great code and it works wonderfully but is there a way to set the key length?

re: Creating a self-signed certificate in C#

jclary — Fri, 23 Jan 2009 02:38:20 GMT

Being able to set the FriendlyName would be useful, too.

re: Creating a self-signed certificate in C#

jclary — Sat, 07 Feb 2009 12:10:14 GMT

I found a solution to setting the key length. The third parameter to CryptKeyGen(), flags, needs to be bitwise OR'd (|) with 2048<<16 (0x080000000) to get a 2048bit key -- you end up passing in 0x08000001.

Check(NativeMethods.CryptGenKey(

providerContext,

1, // AT_KEYEXCHANGE

1 | (2048<<16), // CRYPT_EXPORTABLE | 2048bit

out cryptKey));

I still haven't found a way to add the FriendlyName parameter.

re: Creating a self-signed certificate in C#

sszelei — Fri, 13 Feb 2009 20:49:57 GMT

How Timely, I was looking for this several weeks ago and had all but given up and started writing my own with much hardship. Just happened to run accross this when looking up function calls. This was great! Thank you! Thank You! Thank You! Tou saved me some gray hairs.

re: Creating a self-signed certificate in C#

kevindelafield — Sun, 12 Apr 2009 02:42:41 GMT

Did you get this to work?

When I use this routine to create a certficiate and try to store it in the cert store for My/CurrentUser,

and then extract the filename with 'FindPrivateKey' (from WCF examples), I get an error that the private key file is missing.

Are you sure this generates a private key?

Thanks,

Kevin

re: Creating a self-signed certificate in C#

kevindelafield — Sun, 12 Apr 2009 02:51:04 GMT

Also,

When I use the Certificates MMC plugin to view the certificate,

and I double click it, it says that there is a private key.

However, when I try to export it, it says the associated private key cannot be found.

Any ideas?

Thanks,

Kevin

re: Creating a self-signed certificate in C#

Jeremy Holovacs — Mon, 20 Jul 2009 08:05:59 GMT

For the FriendlyName and Description (and other useful information) it looks like these are extended properties added with CertSetCertificateContextProperty (CERT_DESCRIPTION_PROP_ID = 13, CERT_FRIENDLY_NAME_PROP_ID = 11) etc... I haven't figured out how to create the pointer context for the CRYPT_DATA_BLOB structure (trying to convert this in my head to VB.NET and this is well outside my comfort zone) but I think this'll work.