I am in the process of testing my software, and I use this function to generate a random cert at startup (in memory):
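```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public X509Certificate CreateX509Certificate2(string certName = "Default cert")
{
    // Created but never used below; the request is signed with the RSA key.
    var ecdsa = ECDsa.Create();
    var rsa = RSA.Create();
    // Self-signed request: subject CN, RSA key, SHA-256 with PKCS#1 v1.5 signature padding.
    var req = new CertificateRequest($"cn={certName}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    // Valid from now for one year.
    var cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(1));
    // Round-trip through an in-memory PFX and reload it, private key included.
    return new X509Certificate2(cert.Export(X509ContentType.Pfx, "password"), "password");
}
```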
Are there any drawbacks to this method, and is the cert "real" enough for testing purposes?
Almost all examples I found use third-party libraries like BouncyCastle, but I don't see the purpose of using it?
(I know that valid certs are signed by a trusted CA, but I will make that effort later on when the software is in beta.)
Many samples would be using Bouncy Castle for this because CertificateRequest was only recently added to .NET.
That class creates most of the certificates used for the .NET Core unit tests; it definitely works to create syntactically valid certificates.
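An added example, not part of the question or the answer above: the certificate in the question carries no subject alternative name or extended key usage, which TLS clients commonly check, so this sketch adds both and shows how a test can trust the certificate explicitly instead of switching validation off. The names `TestCertDemo`, `CreateTestServerCert` and `ValidatesAgainst` are hypothetical, and the custom trust store assumes .NET 5 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class TestCertDemo
{
    // Hypothetical helper: self-signed TLS server certificate for tests only.
    public static X509Certificate2 CreateTestServerCert(string dnsName)
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest(
            $"CN={dnsName}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        // Key usage appropriate for an RSA TLS server key (marked critical).
        req.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
        // Extended key usage: TLS server authentication (OID 1.3.6.1.5.5.7.3.1).
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));
        // Clients match the host name against the SAN, not only the CN.
        var san = new SubjectAlternativeNameBuilder();
        san.AddDnsName(dnsName);
        req.CertificateExtensions.Add(san.Build());
        // Backdate slightly to tolerate clock skew; keep the lifetime short.
        var now = DateTimeOffset.UtcNow;
        return req.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(30));
    }

    // Builds a chain that trusts only the supplied root, so the test neither
    // installs the certificate machine-wide nor disables validation.
    public static bool ValidatesAgainst(X509Certificate2 cert, X509Certificate2 root)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(root);
        return chain.Build(cert);
    }

    public static void Main()
    {
        using var cert = CreateTestServerCert("localhost");
        using var defaultChain = new X509Chain();
        defaultChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        Console.WriteLine($"Has private key: {cert.HasPrivateKey}");
        Console.WriteLine($"Valid under system trust: {defaultChain.Build(cert)}");
        Console.WriteLine($"Valid when pinned as test root: {ValidatesAgainst(cert, cert)}");
    }
}
```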