CertificateRequest.Create Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Overloads
Create(X509Certificate2, DateTimeOffset, DateTimeOffset, Byte[]) |
Creates a certificate using the established subject, key, and optional extensions using the specified certificate as the issuer. |
Create(X509Certificate2, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>) |
Create a certificate using the established subject, key, and optional extensions using the provided certificate as the issuer. |
Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[]) |
Signs the current certificate request to create a chain-signed or self-signed certificate. |
Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>) |
Sign the current certificate request to create a chain-signed or self-signed certificate. |
Create(X509Certificate2, DateTimeOffset, DateTimeOffset, Byte[])
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
Creates a certificate using the established subject, key, and optional extensions using the specified certificate as the issuer.
public:
System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X509Certificate2 ^ issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, cli::array <System::Byte> ^ serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X509Certificate2 * DateTimeOffset * DateTimeOffset * byte[] -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerCertificate As X509Certificate2, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As Byte()) As X509Certificate2
Parameters
- issuerCertificate
- X509Certificate2
An X509Certificate2 instance representing the issuing Certificate Authority (CA).
- notBefore
- DateTimeOffset
The oldest date and time when this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.
- notAfter
- DateTimeOffset
The date and time when this certificate is no longer considered valid.
- serialNumber
- Byte[]
The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering. RFC 3280 recommends confining it to 20 bytes or less.
Returns
An X509Certificate2 object with the specified values. The returned object won't assert HasPrivateKey.
Exceptions
issuerCertificate
is null
.
The issuerCertificate
doesn't contain a private key.
-or-
The type of signing key represented by issuerCertificate
couldn't be determined.
-or-
notAfter
represents a date and time that happens earlier than notBefore
.
-or-
serialNumber
is zero length or null
.
-or-
issuerCertificate
has a different key algorithm than the requested certificate.
-or-
The HasPrivateKey value for issuerCertificate
is false
.
issuerCertificate
is an RSA certificate and the current object was created using a constructor that doesn't accept a padding
parameter.
The HashAlgorithm property value is not supported.
Remarks
This method does not support using MD5 or SHA-1 as the hash algorithm for the certificate signature. If you need an MD5 or SHA-1 based certificate signature, you need to implement a custom X509SignatureGenerator and call Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[]).
Applies to
Create(X509Certificate2, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
Create a certificate using the established subject, key, and optional extensions using the provided certificate as the issuer.
public:
System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X509Certificate2 ^ issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<System::Byte> serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<byte> serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X509Certificate2 * DateTimeOffset * DateTimeOffset * ReadOnlySpan<byte> -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerCertificate As X509Certificate2, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As ReadOnlySpan(Of Byte)) As X509Certificate2
Parameters
- issuerCertificate
- X509Certificate2
An X509Certificate2 instance representing the issuing Certificate Authority (CA).
- notBefore
- DateTimeOffset
The oldest date and time where this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.
- notAfter
- DateTimeOffset
The date and time where this certificate is no longer considered valid.
- serialNumber
- ReadOnlySpan<Byte>
The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned (big) integer in big endian byte ordering.
Returns
A certificate with the specified values. The returned object will not assert HasPrivateKey.
Exceptions
issuerCertificate
is null
.
The HasPrivateKey value for issuerCertificate
is false
.
The type of signing key represented by issuerCertificate
could not be determined.
notAfter
represents a date and time before notBefore
.
serialNumber
has length 0.
issuerCertificate
has a different key algorithm than the requested certificate.
issuerCertificate
is an RSA certificate and this object was created via a constructor that doesn't accept an RSASignaturePadding value.
Applies to
Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, Byte[])
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
Signs the current certificate request to create a chain-signed or self-signed certificate.
public:
System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X500DistinguishedName ^ issuerName, System::Security::Cryptography::X509Certificates::X509SignatureGenerator ^ generator, DateTimeOffset notBefore, DateTimeOffset notAfter, cli::array <System::Byte> ^ serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X500DistinguishedName issuerName, System.Security.Cryptography.X509Certificates.X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X500DistinguishedName * System.Security.Cryptography.X509Certificates.X509SignatureGenerator * DateTimeOffset * DateTimeOffset * byte[] -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerName As X500DistinguishedName, generator As X509SignatureGenerator, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As Byte()) As X509Certificate2
Parameters
- issuerName
- X500DistinguishedName
The X500DistinguishedName for the issuer.
- generator
- X509SignatureGenerator
An X509SignatureGenerator object representing the issuing certificate authority.
- notBefore
- DateTimeOffset
The oldest date and time when this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.
- notAfter
- DateTimeOffset
The date and time when this certificate is no longer considered valid.
- serialNumber
- Byte[]
The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering. RFC 3280 recommends confining it to 20 bytes or less.
Returns
An X509Certificate2 object with the specified values. The returned object won't assert HasPrivateKey.
Exceptions
notAfter
represents a date and time that happens earlier than notBefore
.
-or-
serialNumber
is zero length or null
.
An error occurs during the signing operation.
Applies to
Create(X500DistinguishedName, X509SignatureGenerator, DateTimeOffset, DateTimeOffset, ReadOnlySpan<Byte>)
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
- Source:
- CertificateRequest.cs
Sign the current certificate request to create a chain-signed or self-signed certificate.
public:
System::Security::Cryptography::X509Certificates::X509Certificate2 ^ Create(System::Security::Cryptography::X509Certificates::X500DistinguishedName ^ issuerName, System::Security::Cryptography::X509Certificates::X509SignatureGenerator ^ generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<System::Byte> serialNumber);
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create (System.Security.Cryptography.X509Certificates.X500DistinguishedName issuerName, System.Security.Cryptography.X509Certificates.X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan<byte> serialNumber);
member this.Create : System.Security.Cryptography.X509Certificates.X500DistinguishedName * System.Security.Cryptography.X509Certificates.X509SignatureGenerator * DateTimeOffset * DateTimeOffset * ReadOnlySpan<byte> -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Function Create (issuerName As X500DistinguishedName, generator As X509SignatureGenerator, notBefore As DateTimeOffset, notAfter As DateTimeOffset, serialNumber As ReadOnlySpan(Of Byte)) As X509Certificate2
Parameters
- issuerName
- X500DistinguishedName
The distinguished name of the issuer.
- generator
- X509SignatureGenerator
The issuing certificate authority.
- notBefore
- DateTimeOffset
The oldest date and time where this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.
- notAfter
- DateTimeOffset
The date and time where this certificate is no longer considered valid.
- serialNumber
- ReadOnlySpan<Byte>
The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned (big) integer in big endian byte ordering.
Returns
A certificate with the specified values. The returned object will not assert HasPrivateKey.
Exceptions
issuerName
or generator
is null
.
notAfter
represents a date and time before notBefore
.
-or
serialNumber
has length 0.
An error occurred during the signing operation.
Applies to
.NET