new to bouncycastle trying to generate csr with san attribute in .net

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

new to bouncycastle trying to generate csr with san attribute in .net

mats olsson
Hi

I'm trying to create a csr in .net code (java is not allowed due to corp policy).
I found a good example that does almost what I need.

The thing missing is that I cant figure out how to add a subject alternative name to my csr.
All examples I can find uses requestbuilder and that doesn't seem to exist anymore
I believe the correct way to do it today is by using pkcs10certificationrequest and its attribute parameter but I haven't been able to figure out how to do it

can anyone please help? 
Reply | Threaded
Open this post in threaded view
|

Re: new to bouncycastle trying to generate csr with san attribute in .net

mats olsson
Found one way of doing it at least 

 'attributes
        Dim extensions = New Dictionary(Of Asn1.DerObjectIdentifier, X509Extension)
        Dim subjectAlternateNames = New GeneralName(GeneralName.DnsName, "my.dns.name")
        Dim sans = New Org.BouncyCastle.Asn1.X509.X509Extension(False, New Org.BouncyCastle.Asn1.DerOctetString(New Org.BouncyCastle.Asn1.X509.GeneralNames(subjectAlternateNames)))
        extensions.Add(X509Extens
        'CSR Request

        Dim csr = New Pkcs.Pkcs10CertificationRequest("SHA1WITHRSA", myx509Name, keyPair.Public, myAttributeset, keyPair.Private)

Next challenge will be to base64 encode the Pem data.
I need to do the equalent of openssl.exe base64 -in csrfile.csr -out csrfile.B64 -e
It's going to be feed of to a system that requires that format


<-----Ursprungligt Meddelande----->
  From: mats olsson [[hidden email]]
Sent: 7/4/2020 12:32:43 PM
To: [hidden email]
Subject: [dev-crypto] new to bouncycastle trying to generate csr with san attribute in .net 


Hi

I'm trying to create a csr in .net code (java is not allowed due to corp policy).
I found a good example that does almost what I need.

The thing missing is that I cant figure out how to add a subject alternative name to my csr.
All examples I can find uses requestbuilder and that doesn't seem to exist anymore
I believe the correct way to do it today is by using pkcs10certificationrequest and its attribute parameter but I haven't been able to figure out how to do it

can anyone please help?