x509certificate2

I have a self signed root certificate that I generated in C# using CERTENROLL.dll's CX509CertificateRequest Certificate functionality. I would like to write a function that generates client certificates signed by my root using the same API. However the only CertEnroll option I can find that does not generate a self signed certificate requires a authenticated CA. There seems to be a flag for setting a SignerCertificate but it always fails to initialize. //Initialize cert var cert = new CX509CertificateRequestCertificate(); //take care of signer cert.Issuer = issuen; CSignerCertificate sc = new

I'm unit testing a .NET application; some of the unit tests involve programmatically generating X509Certificate2 objects. I don't care about actual signing/private key/validation stuff, I'd just like to have an object that doesn't throw exceptions when its fields are examined. I tried using the parameterless constructor, but then a whole bunch of fields throw exceptions when accessed. As seen in the debugger: SubjectName = '(new System.Collections.Generic.Mscorlib_CollectionDebugView(result.Certificates)).Items[0].SubjectName' threw an exception of type 'System.Security.Cryptography

I am using the following code and get HttpRequestException exception: using (var handler = new HttpClientHandler()) { handler.ClientCertificateOptions = ClientCertificateOption.Manual; handler.SslProtocols = SslProtocols.Tls12; handler.ClientCertificates.Add(new X509Certificate2(@"C:\certificates\cert.pfx")); // I also tried to add another certificates that was provided to https access // by administrators of the site, but it still doesn't work. //handler.ClientCertificates.Add(new X509Certificate2(@"C:\certificates\cert.crt")); //handler.ClientCertificates.Add(new X509Certificate2(@"C:

I thought this would be straightforward but apparently it isn't. I have a certificate installed that has a private key, exportable, and I want to programmatically export it with the public key ONLY. In other words, I want a result equivalent to selecting "Do not export the private key" when exporting through certmgr and exporting to .CER. It seems that all of the X509Certificate2.Export methods will export the private key if it exists, as PKCS #12, which is the opposite of what I want. Is there any way using C# to accomplish this, or do I need to start digging into CAPICOM? For anyone else who

I'm curious to know if there's a simplish way to create a self-signed certificate comparable to the below New-SelfSignedCertificate command (other providers are OK too, for instance). I want to use only the .NET libraries without P/Invoke or external libraries such as Bouncy Castle or without calling PowerShell from the application. New-SelfSignedCertificate -DnsName $certificateName -CertStoreLocation $certificateStore -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $certificateNotAfter I suppose the simplest alternative would be to call

When newing up an instance of X509Certificate2(string, string) my IIS process simply crashes. No .Net exception, no nothing, except of this in my event log Faulting application name: w3wp.exe, version: 8.0.9200.16384, time stamp: 0x50108835 Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505ab405 Exception code: 0xc0000374 Fault offset: 0x00000000000ea485 Faulting process id: 0x102c Faulting application start time: 0x01ce10301e250c4d Faulting application path: c:\windows\system32\inetsrv\w3wp.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 5e55321c