X509MakeCert Method

Create a new X.509 certificate using subject's public key and issuer's private key files with signature options.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.30549 (23.1.0.0)

Syntax

public static int MakeCert(
	string certFile,
	string issuerCert,
	string subjectPubKeyFile,
	string issuerPriKeyFile,
	int certNum,
	int yearsValid,
	string distName,
	string extensions,
	X509KeyUsageOptions keyUsageOptions,
	string password,
	SigAlgorithm sigAlg,
	X509CertOptions options
)

Public Shared Function MakeCert ( 
	certFile As String,
	issuerCert As String,
	subjectPubKeyFile As String,
	issuerPriKeyFile As String,
	certNum As Integer,
	yearsValid As Integer,
	distName As String,
	extensions As String,
	keyUsageOptions As X509KeyUsageOptions,
	password As String,
	sigAlg As SigAlgorithm,
	options As X509CertOptions
) As Integer

Parameters

certFile String: Name of file to be created
issuerCert String: Name of issuer's certificate file
subjectPubKeyFile String: File containing subjects public key data
issuerPriKeyFile String: File containing issuer's private key data
certNum Int32: Issue number for new certificate
yearsValid Int32: How many years to be valid
distName String: Distinguished name string. See Distinguished Names in the main manual.
extensions String: Extensions: a list of attribute-value pairs separated by semicolons (;). See X.509 Extensions Parameter in the main manual.
keyUsageOptions X509KeyUsageOptions: Key usage options
password String: For issuer's private key, if encrypted.
sigAlg SigAlgorithm: Signature algorithm to sign certificate.
options X509CertOptions: Option flags: set as zero for defaults.

Return Value

Int32
Zero if successful or a non-zero error code

Remarks

Valid extensions are:

rfc822Name=string;	To set the rfc822 email address in the subjectAltName extension, e.g. rfc822Name=myname@testorg.com.
serialNumber=hex-digits;	To override the serial number set by certNum with a larger, unlimited integer in hexadecimal format, e.g. serialNumber=12deadbeefcafe0123.
subjectKeyIdentifier=hex-digits;	To set the subjectAltName extension with an octet string (binary) value specified in hex format e.g. subjectKeyIdentifier=fedcba9876543210.
notAfter=iso-date-string;	To override the validity period set by yearsValid with a specific date and time in ISO format, e.g. notAfter=2020-12-31 or notAfter=2020-12-31T14:03:59. If no time is given it will default to 23:59:59. Note that this time is UTC (GMT) not local.
notBefore=iso-date-string;	To override the default start time from one minute ago to a specific date and time in ISO format, e.g. notBefore=2008-12-31. If no time is given it will default to 00:00:01. Note that this time is UTC (GMT) not local.
<dotted-oid>=#<hexstring>;	Add an arbitrary X.509 version 3 Extension with typeID set to decoded <dotted-oid> and extnValue set to ASN.1 value encoded in <hexstring>.

As an alternative, you can create a new X.509 certificate using a PKCS-10 certificate signing request (CSR) file. Pass the name of the CSR file in the subjectPubkeyFile parameter and set the distName empty "". The empty distinguished name parameter is a flag that a CSR file is being used.

Reference

X509 Class

CryptoSysPKI Namespace