Is there any way to programmatically edit the purposes enabled for a give x.509 certificate?
This functionality is available via the certificates mmc snap-in (hyperlink below) but I need to perform the action through code. preferably C#.
Is there any way to programmatically edit the purposes enabled for a give x.509 certificate?
This functionality is available via the certificates mmc snap-in (hyperlink below) but I need to perform the action through code. preferably C#.
The MMC can do whatever the Crypto API can do and there are a bunch of Certificate related functions like CertAddEnhancedKeyUsageIdentifier or CertSetCertificateContextProperty. There is a full blown example at Example C Program: Getting and Setting Certificate Properties, including a modification of the 'enhanced key usage' that specifies the uses for which a certificate is valid. For instance, to make a cert valid for SSL from the server side you'd have to add the EKU OID 1.3.6.1.5.5.7.3.1
(aka. 'Server Authentication'), see Configuring Certificate for Use by SSL.
The C# equivalent is the X509KeyUsageExtension class. See the link to the class spec for examples.