Compact examples for Certificate Signing Requests. → Details: CSR Scenarios

using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP384);
 
var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("api.example.com");
dn.AddOrganizationName("Example Corp");
 
var csr = new CertificateRequest(dn.Build(), ecdsa, HashAlgorithmName.SHA384);
 
// SANs
var sanBuilder = new SubjectAlternativeNameBuilder();
sanBuilder.AddDnsName("api.example.com");
sanBuilder.AddDnsName("www.example.com");
csr.CertificateExtensions.Add(sanBuilder.Build());
 
// Key Usage
csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(
        X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
 
// EKU: Server Auth
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));
 
var csrBytes = csr.CreateSigningRequest();

→ Details: Server CSR

using var mlDsa = MlDsaSigner.Create(MlDsaParameterSet.MlDsa65);
 
var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("client-app-001");
 
var csr = new CertificateRequest(dn.Build(), mlDsa, HashAlgorithmName.SHA384);
 
csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, false)); // clientAuth

→ Details: Client CSR

var dn = new X500DistinguishedNameBuilder();
dn.AddCommonName("Example Corp Code Signing");
 
var csr = new CertificateRequest(dn.Build(), mlDsa, HashAlgorithmName.SHA384);
 
csr.CertificateExtensions.Add(
    new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
csr.CertificateExtensions.Add(
    new X509EnhancedKeyUsageExtension(
        new OidCollection { new Oid("1.3.6.1.5.5.7.3.3") }, true)); // codeSigning

« <- Quick Reference | -> CSR Scenarios (Details) »

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional