Chain a self signed certificate to another one

  • Thread starter: ChristianHavelDE

ChristianHavelDE

Guest
Hi,

In our test environment we create self-signed certificates in memory as follows:

// Needs: using System; using System.Security.Cryptography;
//        using System.Security.Cryptography.X509Certificates;
using (var rsa = RSA.Create(2048))
{
    var req = new CertificateRequest($"cn={ServerName}", rsa, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);

    // EKU: server authentication (1.3.6.1.5.5.7.3.1) and client authentication (1.3.6.1.5.5.7.3.2)
    req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection() { new Oid("1.3.6.1.5.5.7.3.1"), new Oid("1.3.6.1.5.5.7.3.2") }, false));
    req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, false));
    req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));

    using (var cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(5)))
    {
        cert.FriendlyName = ServerName;
        // Round-trip through PFX so the returned certificate owns its private key.
        var expBytes = cert.Export(X509ContentType.Pfx, "1234");
        // Constructor instead of Import(): Import() is not supported on .NET Core and later.
        var cert2 = new X509Certificate2(expBytes, "1234", X509KeyStorageFlags.Exportable);

        return cert2;
    }
}


This is done on the server computer. On the client computer I want to achieve that these certificates are considered to be created by a trusted root certification authority. I wanted to do the following:

Create a self-signed certificate on the server, export it, and import it on the client into the "Trusted Root Certification Authorities" store.

How can I add the self-signed certificate that is imported on the client to the self-signed certificates that are created on the server in memory (see code above)?

Thanks

Christian
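
One way to get the chaining asked about above, as an added example that is not part of the original post: the root is created once as a CA certificate, and each in-memory server certificate is issued with `CertificateRequest.Create(rootCa, ...)` instead of `CreateSelfSigned`. The class and method names (`TestPki`, `CreateRootPfx`, `IssueServerCert`, `ChainsTo`) are hypothetical; the PFX password mirrors the post's test value.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TestPki // hypothetical helper names, not from the post
{
    // Run once. The PFX (with private key) stays on the server; clients import only the public part.
    public static byte[] CreateRootPfx(string name, string password)
    {
        using (var rsa = RSA.Create(4096))
        {
            var req = new CertificateRequest($"cn={name}", rsa, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, true, 0, true)); // CA, no sub-CAs
            req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
            req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
            using (var root = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(5)))
                return root.Export(X509ContentType.Pfx, password);
        }
    }
    // Takes the place of CreateSelfSigned: the leaf is signed with the root's private key.
    public static X509Certificate2 IssueServerCert(X509Certificate2 rootCa, string serverName)
    {
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest($"cn={serverName}", rsa, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid("1.3.6.1.5.5.7.3.1"), new Oid("1.3.6.1.5.5.7.3.2") }, false));
            req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, false));
            req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
            var serial = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(serial);
            // The leaf's validity must lie inside the root's validity period, or Create throws.
            using (var pub = req.Create(rootCa, DateTimeOffset.Now, DateTimeOffset.Now.AddYears(1), serial))
            using (var withKey = pub.CopyWithPrivateKey(rsa))
                return new X509Certificate2(withKey.Export(X509ContentType.Pfx, "1234"), "1234", X509KeyStorageFlags.Exportable);
        }
    }
    // Client-side check that does not touch the machine store: the chain must end in the expected root.
    public static bool ChainsTo(X509Certificate2 leaf, X509Certificate2 expectedRoot)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // the test CA publishes no CRL
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            chain.ChainPolicy.ExtraStore.Add(expectedRoot);
            if (!chain.Build(leaf)) return false;
            // AllowUnknownCertificateAuthority accepts any root, so pin the one we expect.
            return chain.ChainElements[chain.ChainElements.Count - 1].Certificate.Thumbprint == expectedRoot.Thumbprint;
        }
    }
}
```

Load the root with `new X509Certificate2(rootPfx, password)` on the server before calling `IssueServerCert`, and give clients only `root.Export(X509ContentType.Cert)`, which carries no private key, for the "Trusted Root Certification Authorities" store.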
