Early Preview

This is currently very much a preview. Please feel free to try things out, but don't be upset if anything is not yet working. Feedback is welcome over on our GitHub Dicussions page.

class System.Security.Cryptography.X509Certificates.CertificateRequest

Assembly: System.Security.Cryptography

Inheritance: object → CertificateRequest

Represents an abstraction over the PKCS#10 CertificationRequestInfo and the X.509 TbsCertificate.

Properties

public Collections.ObjectModel.Collection<X509Extension>

CertificateExtensions

Gets the X.509 Certificate Extensions collection, which is a mutable collection, to include in the certificate or certificate request.

public HashAlgorithmName

HashAlgorithm

Gets the hash algorithm to use when signing the certificate or certificate request.

public Collections.ObjectModel.Collection<AsnEncodedData>

OtherRequestAttributes

Gets a collection representing attributes, other than the extension request attribute, to include in a certificate request.

public PublicKey

PublicKey

Gets a representation of the public key for the certificate or certificate request.

public X500DistinguishedName

SubjectName

Gets the X.500 Distinguished Name to use as the Subject in a created certificate or certificate request.

Methods

public X509Certificate2

Create(X500DistinguishedName issuerName, X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber)

Signs the current certificate request to create a chain-signed or self-signed certificate.

Returns An <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2" /> object with the specified values. The returned object won't assert <see cref="P:System.Security.Cryptography.X509Certificates.X509Certificate2.HasPrivateKey" /> .

issuerName The <see cref="T:System.Security.Cryptography.X509Certificates.X500DistinguishedName" /> for the issuer.

generator An <see cref="T:System.Security.Cryptography.X509Certificates.X509SignatureGenerator" /> object representing the issuing certificate authority.

notBefore The oldest date and time when this certificate is considered valid. Typically <see cref="P:System.DateTimeOffset.UtcNow" /> , plus or minus a few seconds.

notAfter The date and time when this certificate is no longer considered valid.

serialNumber The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering. RFC 3280 recommends confining it to 20 bytes or less.

public X509Certificate2

Create(X500DistinguishedName issuerName, X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<byte> serialNumber)

Sign the current certificate request to create a chain-signed or self-signed certificate.

Returns A certificate with the specified values. The returned object will not assert <see cref="P:System.Security.Cryptography.X509Certificates.X509Certificate2.HasPrivateKey" /> .

issuerName The distinguished name of the issuer.

generator The issuing certificate authority.

notBefore The oldest date and time where this certificate is considered valid. Typically <see cref="P:System.DateTimeOffset.UtcNow" /> , plus or minus a few seconds.

notAfter The date and time where this certificate is no longer considered valid.

serialNumber The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned (big) integer in big endian byte ordering.

public X509Certificate2

Create(X509Certificate2 issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber)

Creates a certificate using the established subject, key, and optional extensions using the specified certificate as the issuer.

issuerCertificate An <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2" /> instance representing the issuing Certificate Authority (CA).

notBefore The oldest date and time when this certificate is considered valid. Typically <see cref="P:System.DateTimeOffset.UtcNow" /> , plus or minus a few seconds.

notAfter The date and time when this certificate is no longer considered valid.

public X509Certificate2

Create(X509Certificate2 issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<byte> serialNumber)

Create a certificate using the established subject, key, and optional extensions using the provided certificate as the issuer.

Returns A certificate with the specified values. The returned object will not assert <see cref="P:System.Security.Cryptography.X509Certificates.X509Certificate2.HasPrivateKey" /> .

issuerCertificate An X509Certificate2 instance representing the issuing Certificate Authority (CA).

notBefore The oldest date and time where this certificate is considered valid. Typically <see cref="P:System.DateTimeOffset.UtcNow" /> , plus or minus a few seconds.

notAfter The date and time where this certificate is no longer considered valid.

serialNumber The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned (big) integer in big endian byte ordering.

public X509Certificate2

CreateSelfSigned(DateTimeOffset notBefore, DateTimeOffset notAfter)

Creates a self-signed certificate using the established subject, key, and optional extensions.

Returns An <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2" /> object with the specified values. The returned object will assert <see cref="P:System.Security.Cryptography.X509Certificates.X509Certificate2.HasPrivateKey" /> .

notBefore The oldest date and time when this certificate is considered valid. Typically <see cref="P:System.DateTimeOffset.UtcNow" /> , plus or minus a few seconds.

notAfter The date and time when this certificate is no longer considered valid.

public byte[]

CreateSigningRequest()

Creates an ASN.1 DER-encoded PKCS#10 CertificationRequest value representing the state of the current object.

Returns A DER-encoded certificate signing request.

public byte[]

CreateSigningRequest(X509SignatureGenerator signatureGenerator)

Creates an ASN.1 DER-encoded PKCS#10 CertificationRequest representing the current state of the current object using the provided signature generator.

Returns A DER-encoded certificate signing request.

signatureGenerator The signature generator with which to sign the request.

public string

CreateSigningRequestPem()

Creates a PEM-encoded PKCS#10 CertificationRequest representing the current state of this object using the provided signature generator.

public string

CreateSigningRequestPem(X509SignatureGenerator signatureGenerator)

Creates a PEM-encoded PKCS#10 CertificationRequest representing the current state of this object using the provided signature generator.

signatureGenerator A <see cref="T:System.Security.Cryptography.X509Certificates.X509SignatureGenerator" /> with which to sign the request.

public static CertificateRequest

LoadSigningRequest(byte[] pkcs10, HashAlgorithmName signerHashAlgorithm, CertificateRequestLoadOptions options = 0, RSASignaturePadding? signerSignaturePadding = null)

Loads a binary PKCS#10 signing request as a new CertificateRequest instance.

Returns A CertificateRequest instance that contains the information from the signing request.

pkcs10 The binary PKCS#10 signing request to load.

signerHashAlgorithm The hash algorithm to use when creating a certificate or new signing request.

options A bitwise combination of the enumeration values that specifies how to load the request.

signerSignaturePadding The RSA Signature Padding to use when creating a certificate from this request. For RSA signing certificates using the default signature generator, this parameter is required; otherwise, this parameter is ignored.

public static CertificateRequest

LoadSigningRequest(ReadOnlySpan<byte> pkcs10, HashAlgorithmName signerHashAlgorithm, Int32& bytesConsumed, CertificateRequestLoadOptions options = 0, RSASignaturePadding? signerSignaturePadding = null)

public static CertificateRequest

LoadSigningRequestPem(ReadOnlySpan<char> pkcs10Pem, HashAlgorithmName signerHashAlgorithm, CertificateRequestLoadOptions options = 0, RSASignaturePadding? signerSignaturePadding = null)

Loads the first PEM-encoded PKCS#10 signing request from <paramref name="pkcs10Pem" /> as a new CertificateRequest instance.

Returns A CertificateRequest instance that contains the information from the signing request.

pkcs10Pem The PEM-encoded PKCS#10 signing request to load.

signerHashAlgorithm The hash algorithm to use when creating a certificate or new signing request.

options A bitwise combination of the enumeration values that specifies how to load the request.

public static CertificateRequest

LoadSigningRequestPem(string pkcs10Pem, HashAlgorithmName signerHashAlgorithm, CertificateRequestLoadOptions options = 0, RSASignaturePadding? signerSignaturePadding = null)

Loads the first PEM-encoded PKCS#10 signing request from <paramref name="pkcs10Pem" /> as a new CertificateRequest instance.

Returns A CertificateRequest instance that contains the information from the signing request.

pkcs10Pem The PEM-encoded PKCS#10 signing request to load.

signerHashAlgorithm The hash algorithm to use when creating a certificate or new signing request.

options A bitwise combination of the enumeration values that specifies how to load the request.

public bool

Equals(object obj)

Inherited from object

protected void

Finalize()

Inherited from object

public int

GetHashCode()

Inherited from object

public Type

GetType()

Inherited from object

protected object

MemberwiseClone()

Inherited from object

public string

ToString()

Inherited from object

Early Preview

class System.​Security.​Cryptography.​X509Certificates.​CertificateRequest

Properties

Methods

class System.Security.Cryptography.X509Certificates.CertificateRequest