X509Certificate2.CreateFromEncryptedPem(ReadOnlySpan<Char>, ReadOnlySpan<Char>, ReadOnlySpan<Char>) Method


Creates a new X509 certificate from the contents of an RFC 7468 PEM-encoded certificate and password protected private key.

 static System::Security::Cryptography::X509Certificates::X509Certificate2 ^ CreateFromEncryptedPem(ReadOnlySpan<char> certPem, ReadOnlySpan<char> keyPem, ReadOnlySpan<char> password);
public static System.Security.Cryptography.X509Certificates.X509Certificate2 CreateFromEncryptedPem (ReadOnlySpan<char> certPem, ReadOnlySpan<char> keyPem, ReadOnlySpan<char> password);
static member CreateFromEncryptedPem : ReadOnlySpan<char> * ReadOnlySpan<char> * ReadOnlySpan<char> -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Shared Function CreateFromEncryptedPem (certPem As ReadOnlySpan(Of Char), keyPem As ReadOnlySpan(Of Char), password As ReadOnlySpan(Of Char)) As X509Certificate2



The text of the PEM-encoded X509 certificate.


The text of the password protected PEM-encoded private key.


The password for the encrypted PEM.



A new certificate with the private key.


The contents of certPem do not contain a PEM-encoded certificate, or it is malformed.


The contents of keyPem do not contain a password protected PEM-encoded private key, or it is malformed.


The contents of keyPem contains a key that does not match the public key in the certificate.


The certificate uses an unknown public key algorithm.


The password specified for the private key is incorrect.


Password protected PEM-encoded keys are always expected to have the PEM label "ENCRYPTED PRIVATE KEY".

PEM-encoded items that have a different label are ignored.

If the PEM-encoded certificate and private key are in the same text, use the same string for both certPem and keyPem, for example, CreateFromEncryptedPem(combinedCertAndKey, combinedCertAndKey, theKeyPassword);. Combined PEM-encoded certificates and keys do not require a specific order. For the certificate, the the first certificate with a CERTIFICATE label is loaded. For the private key, the first private key with the label "ENCRYPTED PRIVATE KEY" is loaded. More advanced scenarios for loading certificates and private keys can leverage PemEncoding to enumerate PEM-encoded values and apply any custom loading behavior.

For PEM-encoded keys without a password, use CreateFromPem(ReadOnlySpan<Char>, ReadOnlySpan<Char>).

Applies to