views:

585

answers:

3

I'm looking for a server app to be routinely generating certificates for client applications using self-signed root. Is there any streamlined process in .NET to programmatically generate those certificates?

I can, of course, keep spawning makecert or openssl, but I was looking for more programmatic, in-memory method, when you just get X509Certificate on output.

If someone got a code snippet, can you please share?

A: 

I did some work in this area back in 2004 and no such .NET solutions existed then. We wrote a wrapper class that simply shelled out to openssl. Much as you describe.

We figured it was best to stick with a well known (and used) solution than attempt to reinvent that wheel!

OK, it's been a while since I last looked at this but I'd be tempted to say "if it isn't broken don't fix it" on this one.

Codebrain
+2  A: 

Bouncycastle.org has a C# binding. It can create X509 certificates. This provider is widely used by java webapps.

bgiles
that is pretty good! thanks
galets
A: 

For people a bit freaked out about using a "bouncy castle" in their products, check out the CLR security team's site at CodePlex. They got lots of goodness in there, including a library for making x509 certs.

Will