Pluralsight blog Where devs, IT admins & creative pros go for news, tips, videos and more.
Pluralsight + Digital-Tutors - 3,000 tech & creative courses - starting at $29/month Get it now →
February 13, 2012

SelfCert: Create a Self-Signed Certificate Interactively (GUI) or Programmatically in .NET

By

While this isn’t new, I needed a new home for it since my old Pluralsight blog is gone now. Hopefully you’ll find it helpful!

It’s a bit of a pain to create self-signed certs using MAKECERT. So here’s a GUI-based tool that uses a combination of the .NET Framework and the CryptoAPI to create self-signed X.509 certificates. And it’s factored so that you can use the underlying library standalone – you can easily create certs programmatically now.

Here’s the GUI:

The GUI has some nifty features: you can create a PFX file directly, or you can save directly to a cert store of your choice. When you save to a cert store, an extra dialog pops up showing you where the private key file resides, so that you can adjust the ACL accordingly. I’ve got a “view private key” feature that launches explorer with the /select argument, taking you to the private key file so that you can set the ACL on it. Anyway, this extra dialog gives you some quick info you typically want, like the thumbprint. And there are buttons for browsing the cert store and viewing the certificate as well from here.

The GUI gens the RSA key pair on a background thread, so a) the app doesn’t lock up on you, and b) if you get tired of waiting for the key to gen, you can cancel easily enough :)

Here’s some code that does this programmatically by calling the Pluralsight.Crypto library that is underneath all of this. Those of you who are familiar with the CryptoAPI will recognize the key abstraction here, CryptContext.

static void GenSelfSignedCert()
{
    using (CryptContext ctx = new CryptContext())
    {
        ctx.Open();

        X509Certificate2 cert = ctx.CreateSelfSignedCertificate(
            new SelfSignedCertProperties
            {
                IsPrivateKeyExportable = true,
                KeyBitLength = 4096,
                Name = new X500DistinguishedName("cn=localhost"),
                ValidFrom = DateTime.Today.AddDays(-1),
                ValidTo = DateTime.Today.AddYears(1),
            });

        X509Certificate2UI.DisplayCertificate(cert);
    }
}

Make sure you’ve got the Microsoft .NET Framework 3.5 installed. Self-Cert relies on it.

Download the project here, which includes binaries and sources. Feel free to use Pluralsight.Crypto in your own projects if you find it useful. Enjoy!

About the Author

is the Chief Technology Officer for Pluralsight. As CTO, Keith makes sure that Pluralsight's content delivery platform doesn't get in the way of your learning! He strives for less friction and more consistent quality every day.


Discussion