CertificateRequest.Create Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Overloads
| Create(X509Certificate2, DateTimeOffset, DateTimeOffset, Byte[]) |
Creates a certificate using the established subject, key, and optional extensions using the specified certificate as the issuer. |
| Create(X509Certificate2, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>) |
Create a certificate using the established subject, key, and optional extensions using the provided certificate as the issuer. |
| Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[]) |
Signs the current certificate request to create a chain-signed or self-signed certificate. |
| Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>) |
Sign the current certificate request to create a chain-signed or self-signed certificate. |
Create(X509Certificate2, DateTimeOffset, DateTimeOffset, Byte[])
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
Creates a certificate using the established subject, key, and optional extensions using the specified certificate as the issuer.
public:
System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X509Certificate2 ^ issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, cli::array <System::Byte> ^ serialNumber);public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber);member this.Create : System.Security.Cryptography.X509Certificates.X509Certificate2 * DateTimeOffset * DateTimeOffset * byte[] -> System.Security.Cryptography.X509Certificates.X509Certificate2Public Function Create (issuerCertificate As X509Certificate2, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As Byte()) As X509Certificate2Parameters
- issuerCertificate
- X509Certificate2
An X509Certificate2 instance representing the issuing Certificate Authority (CA).
- notBefore
- DateTimeOffset
The oldest date and time when this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.
- notAfter
- DateTimeOffset
The date and time when this certificate is no longer considered valid.
- serialNumber
- Byte[]
The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering. RFC 3280 recommends confining it to 20 bytes or less.
Returns
An X509Certificate2 object with the specified values. The returned object won't assert HasPrivateKey.
Exceptions
issuerCertificate is null.
The issuerCertificate doesn't contain a private key.
-or-
The type of signing key represented by issuerCertificate couldn't be determined.
-or-
notAfter represents a date and time that happens earlier than notBefore.
-or-
serialNumber is zero length or null.
-or-
issuerCertificate has a different key algorithm than the requested certificate.
-or-
The HasPrivateKey value for issuerCertificate is false.
issuerCertificate is an RSA certificate and the current object was created using a constructor that doesn't accept a padding parameter.
The HashAlgorithm property value is not supported.
Remarks
This method does not support using MD5 or SHA-1 as the hash algorithm for the certificate signature. If you need an MD5 or SHA-1 based certificate signature, you need to implement a custom X509SignatureGenerator and call Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[]).
Applies to
Create(X509Certificate2, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
Create a certificate using the established subject, key, and optional extensions using the provided certificate as the issuer.
public:
System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X509Certificate2 ^ issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<System::Byte> serialNumber);public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<byte> serialNumber);member this.Create : System.Security.Cryptography.X509Certificates.X509Certificate2 * DateTimeOffset * DateTimeOffset * ReadOnlySpan<byte> -> System.Security.Cryptography.X509Certificates.X509Certificate2Public Function Create (issuerCertificate As X509Certificate2, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As ReadOnlySpan(Of Byte)) As X509Certificate2Parameters
- issuerCertificate
- X509Certificate2
An X509Certificate2 instance representing the issuing Certificate Authority (CA).
- notBefore
- DateTimeOffset
The oldest date and time where this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.
- notAfter
- DateTimeOffset
The date and time where this certificate is no longer considered valid.
- serialNumber
- ReadOnlySpan<Byte>
The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned (big) integer in big endian byte ordering.
Returns
A certificate with the specified values. The returned object will not assert HasPrivateKey.
Exceptions
issuerCertificate is null.
The HasPrivateKey value for issuerCertificate is false.
The type of signing key represented by issuerCertificate could not be determined.
notAfter represents a date and time before notBefore.
serialNumber has length 0.
issuerCertificate has a different key algorithm than the requested certificate.
issuerCertificate is an RSA certificate and this object was created via a constructor that doesn't accept an RSASignaturePadding value.
Applies to
Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[])
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
Signs the current certificate request to create a chain-signed or self-signed certificate.
public:
System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X500DistinguishedName ^ issuerName, System::Security::Cryptography::X509Certificates::X509SignatureGenerator ^ generator, DateTimeOffset notBefore, DateTimeOffset notAfter, cli::array <System::Byte> ^ serialNumber);public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X500DistinguishedName issuerName, System.Security.Cryptography.X509Certificates.X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber);member this.Create : System.Security.Cryptography.X509Certificates.X500DistinguishedName * System.Security.Cryptography.X509Certificates.X509SignatureGenerator * DateTimeOffset * DateTimeOffset * byte[] -> System.Security.Cryptography.X509Certificates.X509Certificate2Public Function Create (issuerName As X500DistinguishedName, generator As X509SignatureGenerator, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As Byte()) As X509Certificate2Parameters
- issuerName
- X500DistinguishedName
The X500DistinguishedName for the issuer.
- generator
- X509SignatureGenerator
An X509SignatureGenerator object representing the issuing certificate authority.
- notBefore
- DateTimeOffset
The oldest date and time when this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.
- notAfter
- DateTimeOffset
The date and time when this certificate is no longer considered valid.
- serialNumber
- Byte[]
The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering. RFC 3280 recommends confining it to 20 bytes or less.
Returns
An X509Certificate2 object with the specified values. The returned object won't assert HasPrivateKey.
Exceptions
notAfter represents a date and time that happens earlier than notBefore.
-or-
serialNumber is zero length or null.
An error occurs during the signing operation.
Applies to
Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
Sign the current certificate request to create a chain-signed or self-signed certificate.
public:
System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X500DistinguishedName ^ issuerName, System::Security::Cryptography::X509Certificates::X509SignatureGenerator ^ generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<System::Byte> serialNumber);public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X500DistinguishedName issuerName, System.Security.Cryptography.X509Certificates.X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<byte> serialNumber);member this.Create : System.Security.Cryptography.X509Certificates.X500DistinguishedName * System.Security.Cryptography.X509Certificates.X509SignatureGenerator * DateTimeOffset * DateTimeOffset * ReadOnlySpan<byte> -> System.Security.Cryptography.X509Certificates.X509Certificate2Public Function Create (issuerName As X500DistinguishedName, generator As X509SignatureGenerator, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As ReadOnlySpan(Of Byte)) As X509Certificate2Parameters
- issuerName
- X500DistinguishedName
The distinguished name of the issuer.
- generator
- X509SignatureGenerator
The issuing certificate authority.
- notBefore
- DateTimeOffset
The oldest date and time where this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.
- notAfter
- DateTimeOffset
The date and time where this certificate is no longer considered valid.
- serialNumber
- ReadOnlySpan<Byte>
The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned (big) integer in big endian byte ordering.
Returns
A certificate with the specified values. The returned object will not assert HasPrivateKey.
Exceptions
issuerName or generator is null.
notAfter represents a date and time before notBefore.
-or
serialNumber has length 0.
An error occurred during the signing operation.
Applies to
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for