CertificateRequest.Create Method

Definition

Overloads

Create(X509Certificate2, DateTimeOffset, DateTimeOffset, Byte[])

Creates a certificate using the established subject, key, and optional extensions using the specified certificate as the issuer.

Create(X509Certificate2, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)

Creates a certificate using the established subject, key, and optional extensions using the provided certificate as the issuer.

Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[])

Signs the current certificate request to create a chain-signed or self-signed certificate.

Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)

Signs the current certificate request to create a chain-signed or self-signed certificate.

Create(X509Certificate2, DateTimeOffset, DateTimeOffset, Byte[])

Creates a certificate using the established subject, key, and optional extensions using the specified certificate as the issuer.

public:
 System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X509Certificate2 ^ issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, cli::array <System::Byte> ^ serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X509Certificate2 * DateTimeOffset * DateTimeOffset * byte[] -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerCertificate As X509Certificate2, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As Byte()) As X509Certificate2

Parameters

issuerCertificate
X509Certificate2

An X509Certificate2 instance representing the issuing Certificate Authority (CA).

notBefore
DateTimeOffset

The oldest date and time when this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.

notAfter
DateTimeOffset

The date and time when this certificate is no longer considered valid.

serialNumber
Byte[]

The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering. RFC 3280 recommends confining it to 20 bytes or less.

Returns

X509Certificate2

An X509Certificate2 object with the specified values. The returned object won't assert HasPrivateKey.

Exceptions

issuerCertificate is null.

The issuerCertificate doesn't contain a private key.

-or-

The type of signing key represented by issuerCertificate couldn't be determined.

-or-

notAfter represents a date and time that happens earlier than notBefore.

-or-

serialNumber is zero length or null.

-or-

issuerCertificate has a different key algorithm than the requested certificate.

-or-

The HasPrivateKey value for issuerCertificate is false.

issuerCertificate is an RSA certificate and the current object was created using a constructor that doesn't accept a padding parameter.

The HashAlgorithm property value is not supported.

Remarks

This method does not support using MD5 or SHA-1 as the hash algorithm for the certificate signature. If you need an MD5 or SHA-1 based certificate signature, you need to implement a custom X509SignatureGenerator and call Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[]).
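The following C# sketch is an added example, not part of the original reference. It issues a leaf certificate from a throwaway CA with this overload, then attaches the leaf's private key, since the returned object doesn't assert HasPrivateKey. The subject names and key sizes are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class IssueWithIssuerCertificate
{
    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;

        // Throwaway CA (constructed for this example). CreateSelfSigned returns a
        // certificate that carries its private key, which Create requires of the issuer.
        using RSA caKey = RSA.Create(3072);
        var caReq = new CertificateRequest("CN=Example Test CA", caKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        caReq.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        using X509Certificate2 caCert = caReq.CreateSelfSigned(now.AddMinutes(-5), now.AddYears(1));

        // Leaf request. With an RSA issuer, the signature padding comes from this
        // request, so it must be built with a constructor that takes RSASignaturePadding.
        using RSA leafKey = RSA.Create(2048);
        var leafReq = new CertificateRequest("CN=leaf.example.test", leafKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        leafReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
        leafReq.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature, true));

        // Serial number: 16 random bytes, big-endian, unique per issuer with
        // overwhelming probability. The top bit is cleared so the value reads the
        // same whether a consumer treats it as signed or unsigned.
        byte[] serial = new byte[16];
        RandomNumberGenerator.Fill(serial);
        serial[0] &= 0x7F;

        // The validity window stays inside the CA certificate's own window.
        using X509Certificate2 publicOnly = leafReq.Create(caCert, now, now.AddDays(90), serial);
        Console.WriteLine($"Issuer: {publicOnly.Issuer}");
        Console.WriteLine($"HasPrivateKey after Create: {publicOnly.HasPrivateKey}");

        // Pair the issued certificate with the key that was used to build the request.
        using X509Certificate2 leaf = publicOnly.CopyWithPrivateKey(leafKey);
        Console.WriteLine($"HasPrivateKey after CopyWithPrivateKey: {leaf.HasPrivateKey}");
        Console.WriteLine($"Serial: {leaf.SerialNumber}");
    }
}
```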


Create(X509Certificate2, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)

Creates a certificate using the established subject, key, and optional extensions using the provided certificate as the issuer.

public:
 System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X509Certificate2 ^ issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<System::Byte> serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<byte> serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X509Certificate2 * DateTimeOffset * DateTimeOffset * ReadOnlySpan<byte> -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerCertificate As X509Certificate2, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As ReadOnlySpan(Of Byte)) As X509Certificate2

Parameters

issuerCertificate
X509Certificate2

An X509Certificate2 instance representing the issuing Certificate Authority (CA).

notBefore
DateTimeOffset

The oldest date and time when this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.

notAfter
DateTimeOffset

The date and time when this certificate is no longer considered valid.

serialNumber
ReadOnlySpan<Byte>

The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering.

Returns

X509Certificate2

A certificate with the specified values. The returned object will not assert HasPrivateKey.

Exceptions

issuerCertificate is null.

The HasPrivateKey value for issuerCertificate is false.

The type of signing key represented by issuerCertificate could not be determined.

notAfter represents a date and time before notBefore.

serialNumber has length 0.

issuerCertificate has a different key algorithm than the requested certificate.

issuerCertificate is an RSA certificate and this object was created via a constructor that doesn't accept an RSASignaturePadding value.


Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[])

Signs the current certificate request to create a chain-signed or self-signed certificate.

public:
 System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X500DistinguishedName ^ issuerName, System::Security::Cryptography::X509Certificates::X509SignatureGenerator ^ generator, DateTimeOffset notBefore, DateTimeOffset notAfter, cli::array <System::Byte> ^ serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X500DistinguishedName issuerName, System.Security.Cryptography.X509Certificates.X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X500DistinguishedName * System.Security.Cryptography.X509Certificates.X509SignatureGenerator * DateTimeOffset * DateTimeOffset * byte[] -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerName As X500DistinguishedName, generator As X509SignatureGenerator, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As Byte()) As X509Certificate2

Parameters

issuerName
X500DistinguishedName

The X500DistinguishedName for the issuer.

generator
X509SignatureGenerator

An X509SignatureGenerator object representing the issuing certificate authority.

notBefore
DateTimeOffset

The oldest date and time when this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.

notAfter
DateTimeOffset

The date and time when this certificate is no longer considered valid.

serialNumber
Byte[]

The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering. RFC 3280 recommends confining it to 20 bytes or less.

Returns

X509Certificate2

An X509Certificate2 object with the specified values. The returned object won't assert HasPrivateKey.

Exceptions

issuerName is null.

-or-

generator is null.

notAfter represents a date and time that happens earlier than notBefore.

-or-

serialNumber is zero length or null.

An error occurs during the signing operation.
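The following C# sketch is an added example, not part of the original reference. It uses the X509SignatureGenerator overload to sign an ECDSA request with an RSA CA key, a combination the issuer-certificate overload rejects because the key algorithms differ, and then checks that the result chains to the CA. The subject names are constructed, and X509ChainTrustMode.CustomRootTrust assumes .NET 5 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class IssueWithSignatureGenerator
{
    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;

        // Throwaway RSA CA (constructed for this example).
        using RSA caKey = RSA.Create(3072);
        var caReq = new CertificateRequest("CN=Example Test CA", caKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        using X509Certificate2 caCert = caReq.CreateSelfSigned(now.AddMinutes(-5), now.AddYears(1));

        // ECDSA subject key: a different key algorithm from the issuer.
        using ECDsa leafKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var leafReq = new CertificateRequest("CN=leaf.example.test", leafKey,
            HashAlgorithmName.SHA256);

        // The generator wraps the CA key; the padding is chosen here, not on the request.
        X509SignatureGenerator generator =
            X509SignatureGenerator.CreateForRSA(caKey, RSASignaturePadding.Pkcs1);

        byte[] serial = new byte[16];
        RandomNumberGenerator.Fill(serial);
        serial[0] &= 0x7F; // same value whether read as signed or unsigned

        // This overload receives only a name and a signer, so keeping the issuer name
        // equal to the CA subject and the validity window inside the CA's window is
        // the caller's responsibility.
        using X509Certificate2 publicOnly = leafReq.Create(
            caCert.SubjectName, generator, now.AddMinutes(-1), now.AddDays(90), serial);
        using X509Certificate2 leaf = publicOnly.CopyWithPrivateKey(leafKey);

        // Build a chain that trusts only the example CA and skips revocation checks.
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(caCert);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

        Console.WriteLine($"Signature algorithm: {leaf.SignatureAlgorithm.FriendlyName}");
        Console.WriteLine($"Chains to the example CA: {chain.Build(leaf)}");
    }
}
```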


Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)

Signs the current certificate request to create a chain-signed or self-signed certificate.

public:
 System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X500DistinguishedName ^ issuerName, System::Security::Cryptography::X509Certificates::X509SignatureGenerator ^ generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<System::Byte> serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X500DistinguishedName issuerName, System.Security.Cryptography.X509Certificates.X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<byte> serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X500DistinguishedName * System.Security.Cryptography.X509Certificates.X509SignatureGenerator * DateTimeOffset * DateTimeOffset * ReadOnlySpan<byte> -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerName As X500DistinguishedName, generator As X509SignatureGenerator, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As ReadOnlySpan(Of Byte)) As X509Certificate2

Parameters

issuerName
X500DistinguishedName

The distinguished name of the issuer.

generator
X509SignatureGenerator

The issuing certificate authority.

notBefore
DateTimeOffset

The oldest date and time when this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.

notAfter
DateTimeOffset

The date and time when this certificate is no longer considered valid.

serialNumber
ReadOnlySpan<Byte>

The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering.

Returns

X509Certificate2

A certificate with the specified values. The returned object will not assert HasPrivateKey.

Exceptions

issuerName or generator is null.

notAfter represents a date and time before notBefore.

-or-

serialNumber has length 0.

An error occurred during the signing operation.
