Rediger

Del via


CertificateRequest.CreateSigningRequest Method

Definition

Overloads

CreateSigningRequest()

Creates an ASN.1 DER-encoded PKCS#10 CertificationRequest value representing the state of the current object.

CreateSigningRequest(X509SignatureGenerator)

Creates an ASN.1 DER-encoded PKCS#10 CertificationRequest representing the current state of the current object using the provided signature generator.

CreateSigningRequest()

Source:
CertificateRequest.cs
Source:
CertificateRequest.cs
Source:
CertificateRequest.cs

Creates an ASN.1 DER-encoded PKCS#10 CertificationRequest value representing the state of the current object.

public:
 cli::array <System::Byte> ^ CreateSigningRequest();
public byte[] CreateSigningRequest ();
member this.CreateSigningRequest : unit -> byte[]
Public Function CreateSigningRequest () As Byte()

Returns

Byte[]

A DER-encoded certificate signing request.

Exceptions

The current object was created using a constructor that doesn't accept a signing key.

The HashAlgorithm property value is not supported.

A cryptographic error occurs while creating the signing request.

Remarks

This method does not support using MD5 or SHA-1 as the hash algorithm for the signing request signature. If you need an MD5 or SHA-1 based signing request, you need to implement a custom X509SignatureGenerator and call CreateSigningRequest(X509SignatureGenerator).

When submitting a certificate signing request via a web browser, or other graphical or textual interface, the input is frequently expected to be in the Privacy Enhanced Mail (PEM) format, instead of the DER binary format. To convert the return value to PEM format, make a string consisting of -----BEGIN CERTIFICATE REQUEST-----, a newline, the Base-64-encoded representation of the request (by convention, linewrapped at 64 characters), a newline, and -----END CERTIFICATE REQUEST-----.

public static string PemEncodeSigningRequest(CertificateRequest request, PkcsSignatureGenerator generator)
{
    byte[] pkcs10 = request.CreateSigningRequest(generator);
    StringBuilder builder = new StringBuilder();

    builder.AppendLine("-----BEGIN CERTIFICATE REQUEST-----");

    string base64 = Convert.ToBase64String(pkcs10);

    int offset = 0;
    const int LineLength = 64;

    while (offset < base64.Length)
    {
        int lineEnd = Math.Min(offset + LineLength, base64.Length);
        builder.AppendLine(base64.Substring(offset, lineEnd - offset));
        offset = lineEnd;
     }

     builder.AppendLine("-----END CERTIFICATE REQUEST-----");
     return builder.ToString();
}

Applies to

CreateSigningRequest(X509SignatureGenerator)

Source:
CertificateRequest.cs
Source:
CertificateRequest.cs
Source:
CertificateRequest.cs

Creates an ASN.1 DER-encoded PKCS#10 CertificationRequest representing the current state of the current object using the provided signature generator.

public:
 cli::array <System::Byte> ^ CreateSigningRequest(System::Security::Cryptography::X509Certificates::X509SignatureGenerator ^ signatureGenerator);
public byte[] CreateSigningRequest (System.Security.Cryptography.X509Certificates.X509SignatureGenerator signatureGenerator);
member this.CreateSigningRequest : System.Security.Cryptography.X509Certificates.X509SignatureGenerator -> byte[]
Public Function CreateSigningRequest (signatureGenerator As X509SignatureGenerator) As Byte()

Parameters

signatureGenerator
X509SignatureGenerator

The signature generator with which to sign the request.

Returns

Byte[]

A DER-encoded certificate signing request.

Exceptions

signatureGenerator is null.

A cryptographic error occurs while creating the signing request.

OtherRequestAttributes contains a null value.

-or-

OtherRequestAttributes contains an entry with a nullOid value.

-or-

OtherRequestAttributes contains an entry representing the PKCS#9 Extension Request Attribute (1.2.840.113549.1.9.14).

-or-

CertificateExtensions contains a null value.

-or-

CertificateExtensions contains an entry with a nullOid value.

-or-

This object was created with a constructor that did not accept a signing key.

Remarks

When submitting a certificate signing request via a web browser or other graphical or textual interface, the input is frequently expected to be in the PEM (Privacy Enhanced Mail) format, instead of the DER binary format.

Applies to