I'm trying to write a WinRT application which communicates with Windows Azure's management APIs. In order to do this, a certificate has to be uploaded which meets certain requirements and is then used by the application to authenticate requests.
To make for a better user experience, I want to be able to generate the certificate for them and configure the application to use the certificate. Normally, I would reach for the System.Security.Cryptography namespace, but it would appear to be unavailable from the ".NET for Windows Store app" subset of the full framework.
Any ideas how I could go about creating this self-signed certificate without calling out to an external service?
Whilst normally it would be possible to create certificates with the CertEnrol COM library (a part of Windows), there is no built-in mechanism that is available in the sandboxed WinRT environment.
The only real solution is to generate the certificate in an external process (e.g. an ASP.NET website), then transmit the certificate with its private key and password over a TLS-secured connection as a Base-64 encoded string.
Once the encoded data is available in the WinRT application, the ImportPfxDataAsync method is used to make the certificate available to the WinRT application for further use.
More information on creating self-signed certificates in .NET code can be found in How to create a self-signed certificate using C#?