I'm looking for a server app to be routinely generating certificates for client applications using self-signed root. Is there any streamlined process in .NET to programmatically generate those certificates?
I can, of course, keep spawning makecert or openssl, but I was looking for more programmatic, in-memory method, when you just get X509Certificate on output.
If someone got a code snippet, can you please share?
I did some work in this area back in 2004 and no such .NET solutions existed then. We wrote a wrapper class that simply shelled out to openssl. Much as you describe.
We figured it was best to stick with a well known (and used) solution than attempt to reinvent that wheel!
OK, it's been a while since I last looked at this but I'd be tempted to say "if it isn't broken don't fix it" on this one.
Bouncycastle.org has a C# binding. It can create X509 certificates. This provider is widely used by java webapps.
For people a bit freaked out about using a "bouncy castle" in their products, check out the CLR security team's site at CodePlex. They got lots of goodness in there, including a library for making x509 certs.