If you are using OpenSSL.NET to create SSL certificate programmatically and don't know where to start this article might help you.
First of all what is OpenSSL? OpenSSL is a cryptographic toolkit which is used to secure communication over web. OpenSSL provides a rich set of command line tools to create and manage SSL certificates.
But if you want to do it programmatically, then .NET provides a small but usefull wrapper for OpenSSL that is known as OpenSSL.NET.
Now without wasting much of your time, I will show you how to create a SSL X509 certificate using OpenSSL.NET.
First of all you must download OpenSSL.NET. Once you have downloaded it, you will see three dll files in the package i.e. ManagedOpenSsl.dll, ssleay32.dll and libeay32.dll.
Before starting, make sure that you have added the refference to ManagedOpenSsl.dll in your project in visiual studio and ssleay32.dll and libeay32.dll are available in the your current working directory or in your path.
Now we are done with setting up OpenSSL.NET and here is the code to create the SSL certificates.
###################################################
// Create a configuration object using openssl.cnf file.
OpenSSL.X509.Configuration cfg = new OpenSSL.X509.Configuration("Path to your openssl configuration file i.e. openssl.cnf");
// Create a root certificate authority which will have a self signed certificate.
OpenSSL.X509.X509CertificateAuthority RootCA = OpenSSL.X509.X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(),"Disinguish name for your CA", DateTime.
Now, TimeSpan.FromDays(365));
// If you want the certificate of your root CA which you just create, you can get the certificate like this.
X509Certificate RootCertificate = rootCA.certificate;
// Here you need CSR(Certificate Signing Request) which you might have already got it from your web server e.g. IIS7.0.How to generate CSR on IIS 7.0
string strCSR = System.IO.File.ReadAllText(@"Path to your CSR file");
// You need to write the CSR string to a BIO object as shown below.
OpenSSL.Core.BIO ReqBIO = OpenSSL.Core.BIO.MemoryBuffer();
ReqBIO.Write(strCSR);
// Now you can create X509Rquest object using the ReqBIO.
OpenSSL.X509.X509Request Request = new OpenSSL.X509.X509Request(reqBIO);
// Once you have a request object, you can create a SSL Certificate which is signed by the self signed RootCA.
OpenSSL.X509.X509Certificate certificate = RootCA.ProcessRequest(Request, DateTime.Now, DateTime.Now + TimeSpan.FromDays(365));
// Now you can save this certificate to your file system.
FileStream fs = new FileStream("Path to your file where you want to create the certificate with file name", FileMode.Create, FileAccess.ReadWrite);
BinaryWriter bw = new BinaryWriter(fs);
BIO bio = BIO.MemoryBuffer();
certificate.Write(bio);
string certString = bio.ReadString();
bw.Write(certString);
##############################################
Finally make sure that you close all you BIO objects and File streams.
Now you have a X509 Certificate and you install it in your web server.
Hope this is helpful. Please provide your valuable comments and suggestions to improve my posts.
First of all what is OpenSSL? OpenSSL is a cryptographic toolkit which is used to secure communication over web. OpenSSL provides a rich set of command line tools to create and manage SSL certificates.
But if you want to do it programmatically, then .NET provides a small but usefull wrapper for OpenSSL that is known as OpenSSL.NET.
Now without wasting much of your time, I will show you how to create a SSL X509 certificate using OpenSSL.NET.
First of all you must download OpenSSL.NET. Once you have downloaded it, you will see three dll files in the package i.e. ManagedOpenSsl.dll, ssleay32.dll and libeay32.dll.
Before starting, make sure that you have added the refference to ManagedOpenSsl.dll in your project in visiual studio and ssleay32.dll and libeay32.dll are available in the your current working directory or in your path.
Now we are done with setting up OpenSSL.NET and here is the code to create the SSL certificates.
###################################################
// Create a configuration object using openssl.cnf file.
OpenSSL.X509.Configuration cfg = new OpenSSL.X509.Configuration("Path to your openssl configuration file i.e. openssl.cnf");
// Create a root certificate authority which will have a self signed certificate.
OpenSSL.X509.X509CertificateAuthority RootCA = OpenSSL.X509.X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(),"Disinguish name for your CA", DateTime.
Now, TimeSpan.FromDays(365));
// If you want the certificate of your root CA which you just create, you can get the certificate like this.
X509Certificate RootCertificate = rootCA.certificate;
// Here you need CSR(Certificate Signing Request) which you might have already got it from your web server e.g. IIS7.0.How to generate CSR on IIS 7.0
string strCSR = System.IO.File.ReadAllText(@"Path to your CSR file");
// You need to write the CSR string to a BIO object as shown below.
OpenSSL.Core.BIO ReqBIO = OpenSSL.Core.BIO.MemoryBuffer();
ReqBIO.Write(strCSR);
// Now you can create X509Rquest object using the ReqBIO.
OpenSSL.X509.X509Request Request = new OpenSSL.X509.X509Request(reqBIO);
// Once you have a request object, you can create a SSL Certificate which is signed by the self signed RootCA.
OpenSSL.X509.X509Certificate certificate = RootCA.ProcessRequest(Request, DateTime.Now, DateTime.Now + TimeSpan.FromDays(365));
// Now you can save this certificate to your file system.
FileStream fs = new FileStream("Path to your file where you want to create the certificate with file name", FileMode.Create, FileAccess.ReadWrite);
BinaryWriter bw = new BinaryWriter(fs);
BIO bio = BIO.MemoryBuffer();
certificate.Write(bio);
string certString = bio.ReadString();
bw.Write(certString);
##############################################
Finally make sure that you close all you BIO objects and File streams.
Now you have a X509 Certificate and you install it in your web server.
Hope this is helpful. Please provide your valuable comments and suggestions to improve my posts.
