Add Certificate ocsp Authority Information Access and policies extensions in c#


I am issuing a certificate (with my own Certificate Authority) in C# code (based on the .NET Core 2.0 CertificateRequest class).

In CertificateRequest, I am unable to add the Certificate OCSP Authority Information Access (OID: 1.3.6.1.5.5.7.1.1) and certificate policies (OID: 2.5.29.32) extensions (similar results as in: Authority Information Access extension).

I do not want to use external libraries, except perhaps ASN.1 libraries if needed.

Can anyone help with C# code to add these extensions, as I didn't find any suitable types in .NET?

certificateRequestObject.CertificateExtensions.Add(
                  new X509Extension("2.5.29.32", **[Authority Information Access text] to RawData?** , false));

[Authority Information Access text]

Authority Information Access   1.3.6.1.5.5.7.1.1
[1]Authority Info Access
     Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
     Alternative Name:
          URL=example.org
[2]Authority Info Access
     Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
     Alternative Name:
          URL=example.org

Solution

Disclaimer: I strongly believe that you should not roll your own crypto/CA and should use standard CA software to issue certificates, since it is intended to solve this problem.

There is no built-in support for ASN encoding/decoding in .NET (including .NET Core); you have to use 3rd-party libraries.

For ASN encoding you can use the ASN.1 library I developed: Asn1DerParser.NET

The usage for your particular case will be:

    using System.Security.Cryptography;                  // Oid
    using System.Security.Cryptography.X509Certificates; // X509Extension
    using System.Text;                                   // Encoding
    using SysadminsLV.Asn1Parser;                        // Asn1Builder (Asn1DerParser.NET package)

    // AuthorityInfoAccessSyntax is a SEQUENCE OF AccessDescription; each AccessDescription is
    // SEQUENCE { accessMethod OID, accessLocation GeneralName }, and a URL GeneralName is
    // [6] IMPLICIT IA5String, hence the implicit context-specific tag 6 below.
    Byte[] encodedData = new Asn1Builder()
        .AddSequence(x => x.AddObjectIdentifier(new Oid("1.3.6.1.5.5.7.48.1"))
            .AddImplicit(6, Encoding.ASCII.GetBytes("http://ocsp.example.com"), true))
        .GetEncoded();
    // AIA is defined as a non-critical extension (RFC 5280, section 4.2.2.1)
    var extension = new X509Extension("1.3.6.1.5.5.7.1.1", encodedData, false);
    

Then add the extension item to your request. If you need to add more URLs, add more SEQUENCE elements:

    // one AccessDescription SEQUENCE per URL; the AIA wrapper SEQUENCE is produced by GetEncoded()
    Byte[] encodedData = new Asn1Builder()
        .AddSequence(x => x.AddObjectIdentifier(new Oid("1.3.6.1.5.5.7.48.1"))
            .AddImplicit(6, Encoding.ASCII.GetBytes("http://ocsp1.example.com"), true))
        .AddSequence(x => x.AddObjectIdentifier(new Oid("1.3.6.1.5.5.7.48.1"))
            .AddImplicit(6, Encoding.ASCII.GetBytes("http://ocsp2.example.com"), true))
        .GetEncoded();
    var extension = new X509Extension("1.3.6.1.5.5.7.1.1", encodedData, false);
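The following is an added example, not code from the question or the answer above, and it does not use Asn1DerParser.NET. It covers both extensions the question asks for (Authority Information Access and certificate policies) using System.Formats.Asn1, the ASN.1 writer and reader that ship with .NET 5 and later, so no third-party package is needed on those runtimes. It also decodes the AIA extension back to check that the DER produced is what a relying party will parse. The URLs, the policy OID and the subject name are constructed placeholders; only the extension and access-method OIDs come from RFC 5280.

```csharp
using System;
using System.Collections.Generic;
using System.Formats.Asn1;                           // AsnWriter / AsnReader, .NET 5+
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class AiaAndPolicyExtensions
{
    // Extension and access-method OIDs from RFC 5280 / RFC 5280 section 4.2.2.1
    const string OidAuthorityInfoAccess = "1.3.6.1.5.5.7.1.1";
    const string OidCertificatePolicies = "2.5.29.32";
    const string OidAdOcsp = "1.3.6.1.5.5.7.48.1";
    const string OidAdCaIssuers = "1.3.6.1.5.5.7.48.2";
    const string OidQtCps = "1.3.6.1.5.5.7.2.1";      // id-qt-cps qualifier (CPS URI)

    // AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
    // AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation GeneralName }
    // A URL GeneralName is uniformResourceIdentifier [6] IMPLICIT IA5String.
    public static X509Extension BuildAuthorityInfoAccess(IEnumerable<string> ocspUrls,
                                                         IEnumerable<string> caIssuerUrls)
    {
        var writer = new AsnWriter(AsnEncodingRules.DER);
        using (writer.PushSequence())
        {
            foreach (var url in ocspUrls) WriteAccessDescription(writer, OidAdOcsp, url);
            foreach (var url in caIssuerUrls) WriteAccessDescription(writer, OidAdCaIssuers, url);
        }
        // AIA MUST be marked non-critical (RFC 5280 section 4.2.2.1)
        return new X509Extension(OidAuthorityInfoAccess, writer.Encode(), critical: false);
    }

    static void WriteAccessDescription(AsnWriter writer, string accessMethod, string url)
    {
        // Refuse malformed locations up front rather than issuing a certificate that clients cannot use
        if (!Uri.TryCreate(url, UriKind.Absolute, out _))
            throw new ArgumentException($"accessLocation must be an absolute URI: {url}");
        using (writer.PushSequence())
        {
            writer.WriteObjectIdentifier(accessMethod);
            writer.WriteCharacterString(UniversalTagNumber.IA5String, url,
                new Asn1Tag(TagClass.ContextSpecific, 6));      // [6] IMPLICIT IA5String
        }
    }

    // certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
    // PolicyInformation ::= SEQUENCE { policyIdentifier OID,
    //                                  policyQualifiers SEQUENCE OF PolicyQualifierInfo OPTIONAL }
    // PolicyQualifierInfo ::= SEQUENCE { policyQualifierId OID, qualifier ANY }; for id-qt-cps the
    // qualifier is CPSuri ::= IA5String.
    public static X509Extension BuildCertificatePolicies(string policyOid, string cpsUrl)
    {
        var writer = new AsnWriter(AsnEncodingRules.DER);
        using (writer.PushSequence())                      // certificatePolicies
        using (writer.PushSequence())                      // PolicyInformation
        {
            writer.WriteObjectIdentifier(policyOid);
            if (cpsUrl != null)
            {
                using (writer.PushSequence())              // policyQualifiers
                using (writer.PushSequence())              // PolicyQualifierInfo
                {
                    writer.WriteObjectIdentifier(OidQtCps);
                    writer.WriteCharacterString(UniversalTagNumber.IA5String, cpsUrl);
                }
            }
        }
        return new X509Extension(OidCertificatePolicies, writer.Encode(), critical: false);
    }

    // Decode an AIA extension back into (accessMethod, url) pairs to verify the encoding.
    public static List<(string Method, string Url)> ReadAuthorityInfoAccess(byte[] der)
    {
        var result = new List<(string, string)>();
        var outer = new AsnReader(der, AsnEncodingRules.DER).ReadSequence();
        while (outer.HasData)
        {
            var desc = outer.ReadSequence();
            string method = desc.ReadObjectIdentifier();
            string url = desc.ReadCharacterString(UniversalTagNumber.IA5String,
                new Asn1Tag(TagClass.ContextSpecific, 6));
            desc.ThrowIfNotEmpty();
            result.Add((method, url));
        }
        outer.ThrowIfNotEmpty();
        return result;
    }

    public static void Main()
    {
        // Constructed placeholders: replace with your CA's real responder / issuer / CPS locations.
        var aia = BuildAuthorityInfoAccess(
            new[] { "http://ocsp.example.org" }, new[] { "http://example.org/ca.cer" });
        var policies = BuildCertificatePolicies("1.3.6.1.4.1.99999.1.1", "http://example.org/cps");

        using var key = RSA.Create(2048);
        var req = new CertificateRequest("CN=example.org", key, HashAlgorithmName.SHA256,
                                         RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(aia);
        req.CertificateExtensions.Add(policies);

        foreach (var (method, url) in ReadAuthorityInfoAccess(aia.RawData))
            Console.WriteLine($"{method} -> {url}");
    }
}
```

The round-trip read is the check worth keeping in a CA tool: a wrong tag on the GeneralName (an explicit [6] wrapper, or a plain IA5String without the context tag) still produces a certificate that parses, but OCSP clients will silently find no responder URL. On .NET 7 and later the AIA part can be replaced by the built-in X509AuthorityInformationAccessExtension, which takes the OCSP and CA-issuer URL lists directly; certificate policies still has to be encoded by hand as above.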