Export X509Certificate2 to byte array with the Private key

The Export function of the X509Certificate2 class allows you to export a certificate with the private key to a byte array. The following code demonstrates exporting a certificate with the private key:

    using System.Security.Cryptography.X509Certificates;

    X509Store store = new X509Store(StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    X509Certificate2 cert = store.Certificates[1];

    // Export the certificate including the private key.
    // No password is passed, so the PKCS#12 blob is not password-protected;
    // the Export(X509ContentType, string) overload sets one.
    byte[] certBytes = cert.Export(X509ContentType.Pkcs12);

To …

What is the rationale for all the different X509KeyStorageFlags?

Mainly, it has to be this complicated today because it was this complicated yesterday and no one has come up with anything simpler. I can’t come up with a linear narrative here, so please endure the weaving back and forth that’s required. What is a PFX/PKCS#12 file? While I can’t fully say what the origins …

How to create a completely new x509Certificate2 in .Net?

Check out CertificateRequest (namespace: System.Security.Cryptography.X509Certificates)…

    public static X509Certificate2 GenerateSelfSignedCertificate()
    {
        string secp256r1Oid = "1.2.840.10045.3.1.7"; // OID for prime256v1(7); other identifier: secp256r1
        string subjectName = "Self-Signed-Cert-Example";

        var ecdsa = ECDsa.Create(ECCurve.CreateFromValue(secp256r1Oid));

        var certRequest = new CertificateRequest($"CN={subjectName}", ecdsa, HashAlgorithmName.SHA256);

        // Add extensions to the request (just as an example).
        // Add keyUsage.
        certRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));

        X509Certificate2 generatedCert = certRequest.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddYears(10));

        // …

How to create a valid, self-signed X509Certificate2 programmatically, not loading from file in .NET Core

I found this other SO question that put me on the right track. The Certificates API was added to .NET Core in version 2.0. I have a function like the following one to create self-signed certificates that I later import into the My store to use them on IIS.

    private X509Certificate2 buildSelfSignedServerCertificate()
    {
        SubjectAlternativeNameBuilder sanBuilder = …

How can constructing an X509Certificate2 from a PKCS#12 byte array throw CryptographicException(“The system cannot find the file specified.”)?

Do you have PKCS#12 or just a PFX file? In the Microsoft world it is the same, but others think otherwise (see this archived page). You can try just the following:

    // rawData is the byte[] holding the PKCS#12 data.
    X509Certificate2 cert = new X509Certificate2(rawData, "password");
    X509Certificate2 cert2 = new X509Certificate2(rawData, "password", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

(X509Certificate2(Byte[])) or

    X509Certificate2 cert = new X509Certificate2(@"C:\Path\my.pfx", "password");

(see X509Certificate2(String, String) …

Exporting a Certificate as BASE-64 encoded .cer

Perhaps

    using System;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    /// <summary>
    /// Export a certificate to a PEM format string
    /// </summary>
    /// <param name="cert">The certificate to export</param>
    /// <returns>A PEM encoded string</returns>
    public static string ExportToPEM(X509Certificate cert)
    {
        StringBuilder builder = new StringBuilder();

        builder.AppendLine("-----BEGIN CERTIFICATE-----");
        builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
        builder.AppendLine("-----END CERTIFICATE-----");

        return builder.ToString();
    }
