Chain a self signed certificate to another one

  • Question

  • Hi,

    in our test environment we create self-signed certificates in memory like the following:

        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest($"cn={ServerName}", rsa, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);

            // EKU: 1.3.6.1.5.5.7.3.1 = server authentication, 1.3.6.1.5.5.7.3.2 = client authentication
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection() { new Oid("1.3.6.1.5.5.7.3.1"), new Oid("1.3.6.1.5.5.7.3.2") }, false));
            req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, false));
            req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));

            using (var cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(5)))
            {
                cert.FriendlyName = ServerName;
                // Round-trip through a PFX so the returned certificate carries its own copy of the private key.
                var expBytes = cert.Export(X509ContentType.Pfx, "1234");
                // The constructor replaces Import(), which is not supported on .NET Core and later.
                var cert2 = new X509Certificate2(expBytes, "1234", X509KeyStorageFlags.Exportable);

                return cert2;
            }
        }

    This is done on the server computer. On the client computer I want to achieve that these certificates are considered to be created by a trusted root certification authority. I wanted to do the following:

    Create a self signed certificate on the server, export this, import this on the client to the "Trusted Root Certification Authorities".

    How can I add the self signed certificate, that is imported on the client, to the self signed certificates that are created on the server in the memory (see code above)?

    Thanks 

    Christian

    Wednesday, February 12, 2020 3:21 PM

All replies

  • Hi Christian,

    Is it possible to send a self-signed certificate to the client and then add it to "Trusted Root Certification Authorities" via the method in the link below?

    Add the Root Certificate to Trusted Root Certification Authorities

    Best Regards,

    Timon



    Friday, February 14, 2020 3:39 AM
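
The chaining asked about in the question, as an added example that is not part of the thread or any poster's code: a self-signed root marked as a CA is created once, and each in-memory server certificate is then signed with that root's key via `CertificateRequest.Create` instead of `CreateSelfSigned`. The class name `TestPki`, its method names and the reuse of the question's test password are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TestPki   // hypothetical helper class, not from the thread
{
    const string Pw = "1234";   // test-only PFX password, as in the question

    // PFX round trip as in the question, so the result does not depend on the RSA object's lifetime.
    static X509Certificate2 Reload(X509Certificate2 c) =>
        new X509Certificate2(c.Export(X509ContentType.Pfx, Pw), Pw, X509KeyStorageFlags.Exportable);

    // Create once and keep on the server. Only Export(X509ContentType.Cert) of this root
    // (no private key) goes into the client's "Trusted Root Certification Authorities" store.
    public static X509Certificate2 CreateRootCa(string name)
    {
        using (var rsa = RSA.Create(4096))
        {
            var req = new CertificateRequest($"cn={name}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, true, 0, true)); // CA that may sign leaf certificates only
            req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
            req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
            using (var root = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(10)))
                return Reload(root);
        }
    }

    // Takes the place of CreateSelfSigned in the question: the certificate is signed with the root's key.
    public static X509Certificate2 CreateServerCert(X509Certificate2 rootWithKey, string serverName)
    {
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest($"cn={serverName}", rsa, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false)); // end entity, not a CA
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid("1.3.6.1.5.5.7.3.1"), new Oid("1.3.6.1.5.5.7.3.2") }, false));
            req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, false));
            req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));

            var serial = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(serial);

            // The validity period must lie inside the root's validity period, otherwise Create throws.
            using (var signed = req.Create(rootWithKey, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(5), serial))
            using (var withKey = signed.CopyWithPrivateKey(rsa))   // Create returns a public-only certificate
                return Reload(withKey);
        }
    }
}
```

Every server certificate has to be issued from the same stored root, because the client trusts only the root it imported; the root's private key stays on the server and is never copied to the client.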