Occasionally, you might find that you need to create a self-signed server certificate. If you’re on Windows, your options are basically:
In the last installment, we created a Bouncy Castle certificate. How do we now create a .NET X509Certificate2 object?
Over the last couple of days, we’ve seen how to use Bouncy Castle to generate certificates from C#. However, if you compare the certificates we’ve been generating with those generated by (e.g.) makecert, you’ll see that we’re missing a few things.
If you look at a certificate, you will see something like one of the following:
When you connect to a server using HTTPS, the server provides a certificate that identifies it. Your browser will then typically check that the name in the server certificate matches the address that you’ve gone to. In this way, you can be sure that you’re connecting to the correct server.
Over the last few posts, we’ve seen how to create a self-signed server certificate in C#, by using the Bouncy Castle library. How do we create a CA certificate, and how do we issue certificates from that authority?