How to generate and export certificates


In this article we will show you how you can create an RSA 2048-bit PEM certificate and how you can export it.

To start off, download and install OpenSSL SDK. Generate RSA private key:

>> openssl genrsa -out key.pem 2048

Create PVK certificate

Generate PVK withhelp makecert.exe tool:

>> makecert.exe -r -pe -n "CN=AkademRulit" -sv Certificate.pvk key.pem

Create PFX container

Download and install pvk2pfx.exe. Execute it via commandline with pair of keys generated on a previous step (see at certificate storage):

>> C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin>pvk2pfx.exe -pvk "c:\Certificate.pvk" -spc "c:\key.pem" -pfx "c:\MyCertificate.pfx"

Create PDF file with MyCertificate.pfx

Pkcs12Store ks = null;
using (FileStream file = new FileStream(@"c:\MyCertificate.pfx", FileMode.Open, FileAccess.Read))
   ks = new Pkcs12Store(file,"");//without password            

Now that you've created your own certificate store, you can immediately use it for signing PDFs using PDFKit, but you can also export it:

To export, please do the following (assuming that you have IE on your machine):

  1. In Internet Explorer select Tools (menu) --> Internet Options (item in menu)
  2. Content (tab) --> Certificates (button)
  3. Select the certificate you want to expect (selection) --> Export… (button)
  4. Yes, Export the private key (selection) – notice that if this selection is not available the key is imported without export rights.
  5. Select Personal Information Exchange – PKCS #12 (.pfx):
    • select include all certificates in the certification path if possible
    • deselect strong protection (however strong protection is supported by our code, for testing I recommends the weaker option)
    • deselect delete the key
  6. Type the same password trice (e.g. “Test”), and keep this password available
  7. Provide a filename (e.g. “C:\temp\test.pfx” )
  8. Finish (button)
  9. Check if the message says: successful