How to create a certificate to use with SslStream AuthenticateAsServer without importing

Solution 1

In the end, I ran the following to create a server.pfx file:

makecert.exe -r -pe -n "CN=localhost" -sky exchange -sv server.pvk server.cer
pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx

Then I loaded it in code with:

certificate = new X509Certificate2("server.pfx", "password");

(I didn't actually hard code the password like that :-)

The trick was to know that I needed a pfx file, and that I needed to load it using the X509Certificate2 class, rather than X509Certificate.

Solution 2

Niki Loche method works.

If you get The specified network password is not correct., then you should try it without password in C#. It doesn't matter what your input password was in makecert.

certificate = new X509Certificate2("Server.pfx", "");

But if you want to use password (there is a reason, it's there :)), try changing pvk2pfx.exe command to:

pvk2pfx.exe" -pi password -pvk Server.pvk -spc Server.cer -pfx Server.pfx

and in C# enter:

certificate = new X509Certificate2("Server.pfx", "password");

Password must be the same as it is in creating cer file.

That did the trick for me. I hope it will help someone.

Solution 3

There are a number of tools that should let you act as your own CA and generate a certificate. XCA is one of them. There are also a number of methods using OpenSSL commands, for example.

Generating a self-signed certificate only may seem like the easiest option, but using a test CA (and a separate server certificate) may be worth it. This would allow you to import the test CA into the browser's store if needed to make the tests more realistic. It's not much more difficult with the right tools (e.g. XCA).

Once you have generated your server certificate and its private key, turn it into a PKCS#12 file (.p12/.pfx).

You should then be able to load it using X509Certificate2.import(...). (See example in this answer.)

private X509Certificate GetSslCertificate()
{
    X509Certificate cert = null;
    string certname = "*.mydomain.com";

    try
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.OpenExistingOnly);

        foreach (X509Certificate certificate in store.Certificates)
        {
            if (certificate.Subject.ToLower().Contains(certname))
            {
                cert = certificate;
                break;
            }
        }
    }
    catch (Exception) { /* Handle Exception */ }
    return cert;
}

Related videos on Youtube

25 : 01

How to create a valid self signed SSL Certificate?

The Digital Life

112229

06 : 30

How SSL certificate works?

Sunny Classroom

605

05 : 03

Create a certificate request with SAN

Dilith Achalan

278

06 : 42

How to Request and Install SSL Certificate in IIS 8.5 using Local CA

MSFT WebCast

210

04 : 03

#HowTo Create a Vendor-Signed SSL Certificate Using OpenSSL - Part 1

NetIQ Unplugged

78

01 : 45

How To Activate an SSL Certificate Onto Your Domain | Hostinger

Hostinger Academy

65

04 : 22

ASP.NET: Applying an SSL Certificate

Skillsoft YouTube

60

09 : 55

Create self signed certificates with Subject Alternative Names

Mobilefish.com

23

03 : 29

How to Create Self-Signed Certificates With PowerShell

TechSnips

19

06 : 51

How to Export Import SSL Certificate on Windows Server 2016

Aa Fikry

9

03 : 13

Creating SSL SAN certificates and CSRs

AskF5

1

Author by

Nikki Locke

I am a consultant/programmer working for my own company, currently mostly programming in C#, but with extensive experience in C++, SQL, C, Java, Basic, PHP and even 8086 Assembler (although I have forgotten most of that!). I also maintain the "Available C++ Libraries" FAQ, listing over 400 libraries for use with C++ (see my web page).

Updated on June 29, 2022