The documentation is for Java, and mentions the PKCS10CertificationRequest class.

Again, this is more-or-less a direct port from the C# post.

Note: This is a bit long, because I want to take a moment to show some of the problems you might have using PowerShell to call .NET code that’s written in a certain style.

I recently wrote a series of blog posts on how to use the cryptography libraries from the Legion of the BouncyCastle in C#.

Over the last few posts, we’ve seen how to create a self-signed server certificate in C#, by using the Bouncy Castle library. How do we create a CA certificate, and how do we issue certificates from that authority?

When you connect to a server using HTTPS, the server provides a certificate that identifies it. Your browser will then typically check that the name in the server certificate matches the address that you’ve gone to. In this way, you can be sure that you’re connecting to the correct server.

If you look at a certificate, you will see something like one of the following:

Over the last couple of days, we’ve seen how to use Bouncy Castle to generate certificates from C#. However, if you compare the certificates we’ve been generating with those generated by (e.g.) makecert, you’ll see that we’re missing a few things.

In the last installment, we created a Bouncy Castle certificate. How do we now create a .NET X509Certificate2 object?

Occasionally, you might find that you need to create a self-signed server certificate. If you’re on Windows, your options are basically: