I'm trying to create a CSR with .NET 6. I'm unable to test my solution so I have a few questions. But first of all, here is my code:
public string Create(Guid versionIndependentId, Guid networkId, string requesterName)
{
int keySizeInBits = 4096;
using RSA rsa = RSA.Create(keySizeInBits);
string distinguishedName = GetDistinguishedName(versionIndependentId, networkId, requesterName);
var certificateRequest = new CertificateRequest(
new X500DistinguishedName(distinguishedName),
rsa,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1
);
return GetCertificate(certificateRequest);
}
private string GetCertificate(CertificateRequest certificateRequest)
{
CreateCertificateExtensions(certificateRequest);
byte[] encodedCsr = certificateRequest.CreateSigningRequest();
return GetCsrAsBase64String(encodedCsr);
}
private void CreateCertificateExtensions(CertificateRequest certificateRequest)
{
string dnsName = "example.com";
string subjectPublicKeyInfo = "1.2.840.113549.1.1.1";
string signatureAlgorythm = "1.2.840.113549.1.1.11";
var subjectAlternativeNameBuilder = new SubjectAlternativeNameBuilder();
subjectAlternativeNameBuilder.AddDnsName(dnsName);
var nameCertificateExtension = subjectAlternativeNameBuilder.Build();
var basicConstraintsExtension = new X509BasicConstraintsExtension(false, false, 0, false);
var oidCollection = new OidCollection
{
new Oid(subjectPublicKeyInfo),
new Oid(signatureAlgorythm),
};
var enhancedKeyUsageExtension = new X509EnhancedKeyUsageExtension(oidCollection, false);
certificateRequest.CertificateExtensions.Add(nameCertificateExtension);
certificateRequest.CertificateExtensions.Add(basicConstraintsExtension);
certificateRequest.CertificateExtensions.Add(enhancedKeyUsageExtension);
}
private string GetCsrAsBase64String(byte[] encodedCsr)
{
var csrBody = new StringBuilder();
csrBody.AppendLine("-----BEGIN CERTIFICATE REQUEST-----");
csrBody.AppendLine(Convert.ToBase64String(encodedCsr));
csrBody.AppendLine("-----END CERTIFICATE REQUEST-----");
byte[] encodedCsrBody = ASCIIEncoding.ASCII.GetBytes(csrBody.ToString());
return Convert.ToBase64String(encodedCsrBody);
}
So here are my questions:
- How can I use my own private and public keys to this process?
- I don't really understand the CreateCertificateExtensions method, I copied it from an answer by bartonjs: How to generate a response to a CSR in .NET Core (i.e. to write a CSR signing server)? Do I need that? :O
- Is adding dnsName = "example.com" necessary?
- Do I need to add manually the Begin and End Certificate Request strings to the body? The code int the GetCsrAsBase64String method is quite clumsy because of the conversions.
@bartonjs Please. :D
