I have the output of a .cer file from a successful LetsEncrypt certificate request.
I have an original private key used to create a certificate signing request (CSR) for LetsEncrypt.
Now we need to programmatically merge these two files into a PFX package for IIS using .NET.
Since we are trying to do this programmatically, pvk2pfx is not practical, and we would like to avoid openssl if possible.
However, for demonstration, we are trying to reproduce this function, but using CS.NET instead of pvk2pfx: pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx
I have exhaustively researched, and here are the possibilities that I see:
One method seems to use X509Certificate2 something like:
    // Import the certificate
    X509Certificate2 cert = new X509Certificate2("c:\\cert.cer");
    // Import the private key
    X509Certificate2 key = new X509Certificate2("c:\\key.pvk");
    // Or import the private key - Alternative method
    X509DecryptString(token, @"c:\CA.pvk", "mypassword");
    // Export the PFX file
    byte[] certificateData = cert.Export(X509ContentType.Pfx, "YourPassword");
    File.WriteAllBytes(@"C:\YourCert.pfx", certificateData);
Here are some other methods, but they all seem to skip the private key part or require pvk2pfx.exe:
Convert from certificate file to pfx file
How to create X509Certificate2 programmatically? http://www.wiktorzychla.com/2012/12/how-to-create-x509certificate2.html
Select, create and find X509 certificates: http://www.wou.edu/~rvitolo06/WATK/Demos/HPCImageRendering/code/ImageRendering/AppConfigure/CertHelper.cs
It is not possible to export the generated private key certificate to a byte array. Unable to export generated private key certificate to byte array in .net 4.0 / 4.5
How to programmatically import pfx with a certificate chain into a certificate store. stack overflow
Import the .cer and .pvk certificate files programmatically in C# for use with netsh http add sslcert https://gist.github.com/BrandonLWhite/235fa12247f6dc827051
The way to convert cer to pfx cert https://gist.github.com/domgreen/988684
Any help greatly appreciated :-)
EDIT 1
CryptoGuy offered us this link: https://gist.github.com/BrandonLWhite/235fa12247f6dc827051
Does this mean something like this would be good?
Are parts of a CSP needed?
Thanks!
    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;

    // AssemblyUtility and ExtractPrivateKeyBlobFromPvk are helpers not shown here
    var PublicKey = AssemblyUtility.GetEmbeddedFileAsByteArray("Cert.cer");
    var PrivateKey = AssemblyUtility.GetEmbeddedFileAsByteArray("PrivateKey.pvk");

    // Load the certificate (public part only)
    var certificate = new X509Certificate2(PublicKey, string.Empty,
        X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

    // Import the private key into a new, persisted machine key container
    var cspParams = new CspParameters
    {
        ProviderType = 1,
        Flags = CspProviderFlags.UseMachineKeyStore,
        KeyContainerName = Guid.NewGuid().ToString().ToUpperInvariant()
    };
    var rsa = new RSACryptoServiceProvider(cspParams);
    rsa.ImportCspBlob(ExtractPrivateKeyBlobFromPvk(PrivateKey));
    rsa.PersistKeyInCsp = true;
    certificate.PrivateKey = rsa;

    // Export certificate and key as a password-protected PFX
    var certificateData = certificate.Export(X509ContentType.Pfx, "YourPassword");
    File.WriteAllBytes(@"C:\YourCert.pfx", certificateData);
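One way to do the merge without pvk2pfx, openssl, or a persisted key container, as an added example that is not the asker's or the linked gist's code. It assumes an unencrypted RSA PVK file and a runtime that has `CopyWithPrivateKey` (.NET Framework 4.7.2 or later, or .NET Core); `PfxBuilder`, `ExtractPrivateKeyBlob` and `BuildPfx` are hypothetical names.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxBuilder
{
    const uint PvkMagic = 0xB0B5F11E; // first DWORD of a PVK file
    const int PvkHeaderSize = 24;     // magic, reserved, keytype, encrypted, saltlen, keylen

    // Returns the PRIVATEKEYBLOB that follows the PVK header (little-endian host assumed).
    static byte[] ExtractPrivateKeyBlob(byte[] pvk)
    {
        if (pvk.Length < PvkHeaderSize || BitConverter.ToUInt32(pvk, 0) != PvkMagic)
            throw new InvalidDataException("Not a PVK file.");
        uint encrypted = BitConverter.ToUInt32(pvk, 12);
        uint saltLen = BitConverter.ToUInt32(pvk, 16);
        uint keyLen = BitConverter.ToUInt32(pvk, 20);
        if (encrypted != 0 || saltLen != 0)
            throw new NotSupportedException("Password-protected PVK is not handled here.");
        if (keyLen > pvk.Length - PvkHeaderSize)
            throw new InvalidDataException("PVK file is truncated.");
        var blob = new byte[keyLen];
        Buffer.BlockCopy(pvk, PvkHeaderSize, blob, 0, blob.Length);
        return blob;
    }

    public static byte[] BuildPfx(string cerPath, string pvkPath, string pfxPassword)
    {
        using (var cert = new X509Certificate2(cerPath))
        using (var csp = new RSACryptoServiceProvider())
        using (RSA key = RSA.Create())
        {
            csp.PersistKeyInCsp = false; // leave no key container behind on the machine
            csp.ImportCspBlob(ExtractPrivateKeyBlob(File.ReadAllBytes(pvkPath)));
            key.ImportParameters(csp.ExportParameters(true));
            // CopyWithPrivateKey throws if the key does not match the certificate.
            using (X509Certificate2 withKey = cert.CopyWithPrivateKey(key))
                return withKey.Export(X509ContentType.Pfx, pfxPassword);
        }
    }

    static void Main(string[] args)
    {
        // args: <cer path> <pvk path> <pfx output path> <pfx password> (caller-supplied)
        File.WriteAllBytes(args[2], BuildPfx(args[0], args[1], args[3]));
    }
}
```

Because the key lives only in memory here, nothing is left under the machine key store after the PFX is written; the PFX password then becomes the only protection for the exported key, so it should not be a hard-coded literal.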