Here is a code to generate a certificate in c# with RSA key pair. There is still something strange here, the generated key is RSACng and not the legacty CSP, so instead of using RSACryptoServiceProvider, we can use RSA.Create(2048) and it will have the same effect. I could not find a way to export PFX with custom provider name with the standard library
string subjectDn = $"CN=Some Name";
RSACryptoServiceProvider rsa = new(2048, new CspParameters(24,
"Microsoft Enhanced RSA and AES Cryptographic Provider"));
CertificateRequest certRequest = new ($"{subjectDn}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
certRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.NonRepudiation, true));
certRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
X509Certificate2 generatedCert = certRequest
.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(4));
RSA certKey = generatedCert.GetRSAPrivateKey();
byte[] pfx = generatedCert.Export(X509ContentType.Pfx, "123456");
Tags
cryptography