1

Before breaking my head, I thought about the community (maybe this would be useful in general), how could the following be translated to Powershell and/or .NET Core 2.0?

openssl pkcs12 -export -out p12file.p12 -inkey privatekeygenerateinsomeportal.pem -in clientcertificatedownloadedfromsomeportal.pem

I definitely don't know how to do it in .NET Core 2.0 (hints here) and I haven't yet found the appropriate Powershell spell either. It appears Windows facilities have not supported pem format, which makes this a tad difficult (hence .NET Core 2.0 to rescue?), like extracted from How to convert a PFX to .PEM format? Or how to generate a .PEM file? Using Native/Standard Windows tool

Windows do not support PEM format

Or there are some third party libraries, as demontrated here.

It also feels there can be subtleties in the .p12 format that cause interoperability problems (say, when the result would be used in various environments via Xamarin.Forms and whatnot).

Veksi
  • 3,556
  • 3
  • 30
  • 69
  • I tried to do this a few months ago. I ended up writing a PowerShell script that uses PuTTY utils (plink and pscp) to build .p12 files on a Linux server and copy them to the Windows server that needs it. – brendan62269 Sep 22 '17 at 11:50
  • What exactly does your OpenSSL command? – Crypt32 Sep 22 '17 at 15:07

1 Answers1

1

Assuming that what you want to do is:

  • Load a certificate from a file
  • Load a private key from a file
  • Save them together in one PFX

Then the only part that .NET Core can't do for you easily is loading the private key. If you can figure out how to get the key (from RSAParameters or a live object, or whatever) you can do

using (var cert = new X509Certificate2("cert.pem"))
using (var mated = cert.CopyWithPrivateKey(key))
{
    return mated.Export(X509ContentType.Pfx, password);
}

And presumably File.WriteAlllBytes that value.

CopyWithPrivateKey is new in Core 2.0, and requires compiling with the netcoreapp20 TFM.

Loading key files is on the ToDo list for .NET: https://github.com/dotnet/corefx/issues/20414

bartonjs
  • 30,352
  • 2
  • 71
  • 111
  • I'll think about this later today ("tomorrow"), past midnight already... I found an example that describes perfectly the usual situation this crops up (in addition to the VMWare mentioned in the link): https://github.com/visa/SampleCode/tree/master/vdp-c-sharp. – Veksi Sep 22 '17 at 21:02
  • I believe this actually answers my question, naturally the next step is to wonder how to create a CSR, but https://github.com/dotnet/corefx/blob/master/src/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CertificateRequestUsageTests.cs ought to help! Thanks again! – Veksi Sep 23 '17 at 17:50