CryptoSys PKI Pro Manual

X509.MakeCert Method

Create a new X.509 certificate using subject's public key and issuer's private key files with signature options.

Syntax

[C#]
public static int MakeCert(
	string certFile,
	string issuerCert,
	string subjectPubKeyFile,
	string issuerPriKeyFile,
	int certNum,
	int yearsValid,
	string distName,
	string extensions,
	X509.KeyUsageOptions keyUsageOptions,
	string password,
	SigAlgorithm sigAlg,
	X509.CertOptions options
)
[VB.NET]
Public Shared Function MakeCert ( _
	certFile As String, _
	issuerCert As String, _
	subjectPubKeyFile As String, _
	issuerPriKeyFile As String, _
	certNum As Integer, _
	yearsValid As Integer, _
	distName As String, _
	extensions As String, _
	keyUsageOptions As X509.KeyUsageOptions, _
	password As String, _
	sigAlg As SigAlgorithm, _
	options As X509.CertOptions _
) As Integer

Parameters

certFile
Name of file to be created
issuerCert
Name of issuer's certificate file
subjectPubKeyFile
File containing subject's public key data
issuerPriKeyFile
File containing issuer's private key data
certNum
Issue number for new certificate
yearsValid
How many years to be valid
distName
Distinguished name string. See Distinguished Names in the main manual.
extensions
Extensions: a list of attribute-value pairs separated by semicolons (;). See X.509 Extensions Parameter in the main manual.
keyUsageOptions
Type: X509.KeyUsageOptions
Key usage options
password
For issuer's private key, if encrypted.
sigAlg
Type: SigAlgorithm
Signature algorithm to sign certificate.
options
Type: X509.CertOptions
Option flags: set as zero for defaults.

Return Value

Zero if successful or a non-zero error code

Remarks

Valid extensions are:

rfc822Name=string;
To set the rfc822 email address in the subjectAltName extension, e.g. rfc822Name=myname@testorg.com.
serialNumber=hex-digits;
To override the serial number set by certNum with a larger, unlimited integer in hexadecimal format, e.g. serialNumber=12deadbeefcafe0123.
subjectKeyIdentifier=hex-digits;
To set the subjectKeyIdentifier extension with an octet string (binary) value specified in hex format, e.g. subjectKeyIdentifier=fedcba9876543210.
notAfter=iso-date-string;
To override the validity period set by yearsValid with a specific date and time in ISO format, e.g. notAfter=2020-12-31 or notAfter=2020-12-31T14:03:59. If no time is given it will default to 23:59:59. Note that this time is UTC (GMT) not local.
notBefore=iso-date-string;
To override the default start time from one minute ago to a specific date and time in ISO format, e.g. notBefore=2008-12-31. If no time is given it will default to 00:00:01. Note that this time is UTC (GMT) not local.
<dotted-oid>=#<hexstring>;
To add an arbitrary X.509 version 3 extension with typeID set to the decoded <dotted-oid> and extnValue set to the ASN.1 value encoded in <hexstring>.

As an alternative, you can create a new X.509 certificate using a PKCS-10 certificate signing request (CSR) file. Pass the name of the CSR file in the subjectPubKeyFile parameter and set distName to the empty string "". The empty distinguished name parameter is a flag that a CSR file is being used.
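The following C# sketch is an added example, not code from the manual or from the library's authors. It builds the extensions string from typed values, so that a caller-supplied email address cannot carry an extra attribute-value pair and the validity dates are always written in UTC, then passes it to X509.MakeCert. Assumptions: the CryptoSysPKI namespace, the enum members X509.KeyUsageOptions.DigitalSignature and SigAlgorithm.Rsa_Sha256, the distinguished name format, the file names, and the ISSUER_KEY_PASSWORD environment variable; BuildExtensions is a hypothetical helper.

```csharp
using System;
using System.Globalization;
using System.Text.RegularExpressions;
using CryptoSysPKI; // assumption: namespace of the CryptoSys PKI Pro .NET interface

static class MakeCertExample
{
    // Hypothetical helper (not part of the library): builds the extensions
    // argument from typed values instead of concatenating caller-supplied text.
    public static string BuildExtensions(string email, string serialHex,
                                         DateTime notBefore, DateTime notAfter)
    {
        // ';' separates pairs, so a value containing one could smuggle in an
        // extra pair such as its own notAfter. Reject it rather than pass it on.
        if (email.IndexOfAny(new[] { ';', '\r', '\n' }) >= 0)
            throw new ArgumentException("illegal character in rfc822Name");
        if (!Regex.IsMatch(serialHex, "^[0-9A-Fa-f]+$"))
            throw new ArgumentException("serialNumber must be hex digits");
        // Both dates are read as UTC, so convert before formatting; a local
        // time written here would shift the validity window by the UTC offset.
        DateTime nb = notBefore.ToUniversalTime(), na = notAfter.ToUniversalTime();
        if (na <= nb)
            throw new ArgumentException("notAfter must be later than notBefore");
        const string iso = "yyyy-MM-dd'T'HH:mm:ss";
        return string.Join(";",
            "rfc822Name=" + email,
            "serialNumber=" + serialHex,
            "notBefore=" + nb.ToString(iso, CultureInfo.InvariantCulture),
            "notAfter=" + na.ToString(iso, CultureInfo.InvariantCulture));
    }

    static int Main()
    {
        // Constructed sample values; the dates are given explicitly as UTC.
        string ext = BuildExtensions("myname@testorg.com", "12deadbeefcafe0123",
            new DateTime(2025, 1, 1, 0, 0, 0, DateTimeKind.Utc),
            new DateTime(2025, 12, 31, 23, 59, 59, DateTimeKind.Utc));
        // Keep the issuer key password out of source (variable name is made up).
        string pwd = Environment.GetEnvironmentVariable("ISSUER_KEY_PASSWORD") ?? "";
        // File names and the distinguished name are placeholders. certNum and
        // yearsValid are overridden by serialNumber and notAfter in ext.
        int r = X509.MakeCert("user.cer", "issuer.cer", "user_pub.key",
            "issuer_pri.key", 1, 1, "CN=Example User;O=Test Org;C=AU", ext,
            X509.KeyUsageOptions.DigitalSignature, pwd,
            SigAlgorithm.Rsa_Sha256, 0);
        if (r != 0) Console.Error.WriteLine("X509.MakeCert failed, error code " + r);
        return r;
    }
}
```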

See Also

VB6/C equivalent: X509_MakeCert


Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-09-23T07:52:09Z.