Modifier

Partager via

CertificateRequest.Create Method

  • Reference

Definition

Namespace:
System.Security.Cryptography.X509Certificates
Assembly:
System.Security.Cryptography.X509Certificates.dll
Assembly:
System.Security.Cryptography.dll
Assembly:
System.Core.dll
Assembly:
netstandard.dll

Overloads

Create(X509Certificate2, DateTimeOffset, DateTimeOffset, Byte[])

Creates a certificate using the established subject, key, and optional extensions using the specified certificate as the issuer.
Create(X509Certificate2, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)

Create a certificate using the established subject, key, and optional extensions using the provided certificate as the issuer.
Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[])

Signs the current certificate request to create a chain-signed or self-signed certificate.
Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)

Sign the current certificate request to create a chain-signed or self-signed certificate.

Create(X509Certificate2, DateTimeOffset, DateTimeOffset, Byte[])

Source:
CertificateRequest.cs
Source:
CertificateRequest.cs
Source:
CertificateRequest.cs

Creates a certificate using the established subject, key, and optional extensions using the specified certificate as the issuer.

public:
 System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X509Certificate2 ^ issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, cli::array <System::Byte> ^ serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X509Certificate2 * DateTimeOffset * DateTimeOffset * byte[] -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerCertificate As X509Certificate2, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As Byte()) As X509Certificate2

Parameters

issuerCertificate
X509Certificate2

An X509Certificate2 instance representing the issuing Certificate Authority (CA).

notBefore
DateTimeOffset

The oldest date and time when this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.

notAfter
DateTimeOffset

The date and time when this certificate is no longer considered valid.

serialNumber
Byte[]

The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering. RFC 3280 recommends confining it to 20 bytes or less.

Returns

X509Certificate2

An X509Certificate2 object with the specified values. The returned object won't assert HasPrivateKey.

Exceptions

ArgumentNullException

issuerCertificate is null.

ArgumentException

The issuerCertificate doesn't contain a private key.

-or-

The type of signing key represented by issuerCertificate couldn't be determined.

-or-

notAfter represents a date and time that happens earlier than notBefore.

-or-

serialNumber is zero length or null.

-or-

issuerCertificate has a different key algorithm than the requested certificate.

-or-

The HasPrivateKey value for issuerCertificate is false.

InvalidOperationException

issuerCertificate is an RSA certificate and the current object was created using a constructor that doesn't accept a padding parameter.

ArgumentOutOfRangeException

The HashAlgorithm property value is not supported.

Remarks

This method does not support using MD5 or SHA-1 as the hash algorithm for the certificate signature. If you need an MD5 or SHA-1 based certificate signature, you need to implement a custom X509SignatureGenerator and call Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[]).

Applies to

Create(X509Certificate2, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)

Source:
CertificateRequest.cs
Source:
CertificateRequest.cs
Source:
CertificateRequest.cs

Create a certificate using the established subject, key, and optional extensions using the provided certificate as the issuer.

public:
 System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X509Certificate2 ^ issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<System::Byte> serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<byte> serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X509Certificate2 * DateTimeOffset * DateTimeOffset * ReadOnlySpan<byte> -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerCertificate As X509Certificate2, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As ReadOnlySpan(Of Byte)) As X509Certificate2

Parameters

issuerCertificate
X509Certificate2

An X509Certificate2 instance representing the issuing Certificate Authority (CA).

notBefore
DateTimeOffset

The oldest date and time where this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.

notAfter
DateTimeOffset

The date and time where this certificate is no longer considered valid.

serialNumber
ReadOnlySpan<Byte>

The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned (big) integer in big endian byte ordering.

Returns

X509Certificate2

A certificate with the specified values. The returned object will not assert HasPrivateKey.

Exceptions

ArgumentNullException

issuerCertificate is null.

ArgumentException

The HasPrivateKey value for issuerCertificate is false.

ArgumentException

The type of signing key represented by issuerCertificate could not be determined.

ArgumentException

notAfter represents a date and time before notBefore.

ArgumentException

serialNumber has length 0.

ArgumentException

issuerCertificate has a different key algorithm than the requested certificate.

InvalidOperationException

issuerCertificate is an RSA certificate and this object was created via a constructor that doesn't accept an RSASignaturePadding value.

Applies to

Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[])

Source:
CertificateRequest.cs
Source:
CertificateRequest.cs
Source:
CertificateRequest.cs

Signs the current certificate request to create a chain-signed or self-signed certificate.

public:
 System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X500DistinguishedName ^ issuerName, System::Security::Cryptography::X509Certificates::X509SignatureGenerator ^ generator, DateTimeOffset notBefore, DateTimeOffset notAfter, cli::array <System::Byte> ^ serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X500DistinguishedName issuerName, System.Security.Cryptography.X509Certificates.X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X500DistinguishedName * System.Security.Cryptography.X509Certificates.X509SignatureGenerator * DateTimeOffset * DateTimeOffset * byte[] -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerName As X500DistinguishedName, generator As X509SignatureGenerator, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As Byte()) As X509Certificate2

Parameters

issuerName
X500DistinguishedName

The X500DistinguishedName for the issuer.

generator
X509SignatureGenerator

An X509SignatureGenerator object representing the issuing certificate authority.

notBefore
DateTimeOffset

The oldest date and time when this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.

notAfter
DateTimeOffset

The date and time when this certificate is no longer considered valid.

serialNumber
Byte[]

The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering. RFC 3280 recommends confining it to 20 bytes or less.

Returns

X509Certificate2

An X509Certificate2 object with the specified values. The returned object won't assert HasPrivateKey.

Exceptions

ArgumentNullException

issuerCertificate is null.

-or-

generator is null.

ArgumentException

notAfter represents a date and time that happens earlier than notBefore.

-or-

serialNumber is zero length or null.

CryptographicException

An error occurs during the signing operation.

Applies to

Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)

Source:
CertificateRequest.cs
Source:
CertificateRequest.cs
Source:
CertificateRequest.cs

Sign the current certificate request to create a chain-signed or self-signed certificate.

public:
 System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X500DistinguishedName ^ issuerName, System::Security::Cryptography::X509Certificates::X509SignatureGenerator ^ generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<System::Byte> serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X500DistinguishedName issuerName, System.Security.Cryptography.X509Certificates.X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<byte> serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X500DistinguishedName * System.Security.Cryptography.X509Certificates.X509SignatureGenerator * DateTimeOffset * DateTimeOffset * ReadOnlySpan<byte> -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerName As X500DistinguishedName, generator As X509SignatureGenerator, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As ReadOnlySpan(Of Byte)) As X509Certificate2

Parameters

issuerName
X500DistinguishedName

The distinguished name of the issuer.

generator
X509SignatureGenerator

The issuing certificate authority.

notBefore
DateTimeOffset

The oldest date and time where this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.

notAfter
DateTimeOffset

The date and time where this certificate is no longer considered valid.

serialNumber
ReadOnlySpan<Byte>

The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned (big) integer in big endian byte ordering.

Returns

X509Certificate2

A certificate with the specified values. The returned object will not assert HasPrivateKey.

Exceptions

ArgumentNullException

issuerName or generator is null.

ArgumentException

notAfter represents a date and time before notBefore.

-or

serialNumber has length 0.

CryptographicException

An error occurred during the signing operation.

Applies to