Using the OpenSSL libraries one can create a CSR (certificate signing request) by doing this:
    openssl genrsa -out rsa.key 1024
    openssl req -new -key rsa.key -out output.csr -config config.txt
where config.txt contains the distinguished name to use in the certificate.
I would like to do something similar under Windows using C#. However, the method createPKCS10 does not require you to supply an RSA key.
Is there a way to get C# to generate an explicit RSA private key and then use that private key to create the CSR?
CSR Generation Instructions: Click Tools and select Internet Information Services (IIS) Manager. In the Connections tab, click the server name for which you want to generate the CSR. Double-click Server Certificates. Click on the Actions tab and then click Create Certificate Request....
A Certificate Signing Request (CSR) file is something you generate and give to a Certificate Authority, who in turn signs and sends you the requested SSL certificate that is used for enabling HTTPS on your web server.
You can use the OpenSSL.NET library to accomplish this task. The following routines should be what you need:
    using System;
    using OpenSSL.Core;
    using OpenSSL.Crypto;
    using OpenSSL.X509;

    public static class CsrDemo
    {
        public static void Main()
        {
            Console.Write(GenerateCsr(GenerateRsaKeyPair()));
        }

        /// <summary>
        /// Generates a 2048 bit RSA key pair.
        /// </summary>
        /// <returns>The key container</returns>
        public static CryptoKey GenerateRsaKeyPair()
        {
            using (var rsa = new RSA())
            {
                // Public exponent 0x10001 (65537), the conventional RSA value.
                rsa.GenerateKeys(2048, 0x10001, null, null);
                return new CryptoKey(rsa);
            }
        }

        /// <summary>
        /// Generates the CSR file content using the hard-coded details and the given key.
        /// </summary>
        /// <param name="key">RSA key to be used</param>
        /// <returns>The CSR file content</returns>
        public static string GenerateCsr(CryptoKey key)
        {
            using (var subject = new X509Name
            {
                SerialNumber = "1234567890",
                Organization = "My Company"
                // Add more details here...
            })
            {
                // Version 0 request, signed with the supplied key.
                using (var req = new X509Request(0, subject, key))
                {
                    return req.PEM;
                }
            }
        }
    }
Here is the code used to generate the .CSR file in C#. I am using the Bouncy Castle library.
    using System.IO;
    using System.Text;
    using Org.BouncyCastle.Asn1.X509;
    using Org.BouncyCastle.Crypto;
    using Org.BouncyCastle.Crypto.Generators;
    using Org.BouncyCastle.Crypto.Prng;
    using Org.BouncyCastle.OpenSsl;
    using Org.BouncyCastle.Pkcs;
    using Org.BouncyCastle.Security;

    var subjectName = "CN=www.copanyName.com,O=Company Name,OU=Department,T=Area,ST=State,C=Country";
    // Create new Object for Issuer and Subject
    var issuer = new X509Name(subjectName);
    var subject = new X509Name(subjectName);
    // Generate the RSA key pair (public and private key)
    var randomGenerator = new CryptoApiRandomGenerator();
    var random = new SecureRandom(randomGenerator);
    AsymmetricCipherKeyPair subjectKeyPair = default(AsymmetricCipherKeyPair);
    const int strength = 2048;
    var keyGenerationParameters = new KeyGenerationParameters(random, strength);
    var keyPairGenerator = new RsaKeyPairGenerator();
    keyPairGenerator.Init(keyGenerationParameters);
    subjectKeyPair = keyPairGenerator.GenerateKeyPair();
    // A CSR is signed with the requester's own key, so the same pair is reused
    AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair;
    // PKCS #10 Certificate Signing Request
    Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest("SHA1WITHRSA", subject, issuerKeyPair.Public, null, issuerKeyPair.Private);
    // Convert BouncyCastle CSR to .PEM file.
    StringBuilder CSRPem = new StringBuilder();
    PemWriter CSRPemWriter = new PemWriter(new StringWriter(CSRPem));
    CSRPemWriter.WriteObject(csr);
    CSRPemWriter.Writer.Flush();
    // Get CSR text
    var CSRtext = CSRPem.ToString();
    // Write content into a Txt file
    using (StreamWriter f = new StreamWriter(@"C:\Cert_TEST\DemoCSR.txt"))
    {
        f.Write(CSRtext);
    }
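An added example, not part of either answer above: the same two steps from the question (generate an explicit RSA key, then build the CSR from it) using only the built-in System.Security.Cryptography classes, signing with SHA-256 rather than the SHA-1 used in the Bouncy Castle answer. It assumes .NET Core 3.0 or later; the subject, DNS name and class name are placeholders, and the output file names mirror the openssl commands in the question.

```csharp
// Added example, not from the answers above. Assumes .NET Core 3.0 or later.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class CsrExample
{
    // Wrap DER bytes in a PEM envelope with 64-character base64 lines.
    private static string ToPem(string label, byte[] der)
    {
        string b64 = Convert.ToBase64String(der);
        var sb = new StringBuilder();
        sb.Append("-----BEGIN ").Append(label).Append("-----\n");
        for (int i = 0; i < b64.Length; i += 64)
            sb.Append(b64, i, Math.Min(64, b64.Length - i)).Append('\n');
        sb.Append("-----END ").Append(label).Append("-----\n");
        return sb.ToString();
    }

    public static void Main()
    {
        // Step 1: the explicit key (the `openssl genrsa` step), 2048 bits.
        using (RSA rsa = RSA.Create(2048))
        {
            // Step 2: the request (the `openssl req -new -key` step).
            // Subject and DNS name are placeholder values.
            var subject = new X500DistinguishedName("CN=www.example.com, O=Example Org, C=US");
            var request = new CertificateRequest(
                subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            var san = new SubjectAlternativeNameBuilder();
            san.AddDnsName("www.example.com");
            request.CertificateExtensions.Add(san.Build());

            // DER-encoded PKCS #10 request, signed with the key above.
            string csrPem = ToPem("CERTIFICATE REQUEST", request.CreateSigningRequest());
            // Unencrypted PKCS #8 private key. Only the CSR goes to the CA;
            // restrict the ACL on the key file or keep it in a key store.
            string keyPem = ToPem("PRIVATE KEY", rsa.ExportPkcs8PrivateKey());

            File.WriteAllText("output.csr", csrPem);
            File.WriteAllText("rsa.key", keyPem);
        }
    }
}
```

The result can be checked with `openssl req -in output.csr -noout -text -verify`, which prints the subject and confirms the self-signature.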