How to generate and export certificates

None
Security
3/5/2012

In this article we will show you how you can create an RSA 2048-bit PEM certificate and how you can export it.

To start off, download and install OpenSSL SDK. Generate RSA private key:

command line

1 >>openssl genrsa -out key.pem 2048

Create PVK certificate

Generate PVK withhelp makecert.exe tool:

command line

1 >>makecert.exe -r -pe -n "CN=AkademRulit" -sv Certificate.pvk key.pem

Create PFX container

Download and install pvk2pfx.exe. Execute it via commandline with pair of keys generated on a previous step (see at certificate storage):

command line

1 >>C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin>pvk2pfx.exe -pvk "c:\Certificate.pvk" -spc "c:\key.pem" -pfx "c:\MyCertificate.pfx"

Create PDF file with MyCertificate.pfx

1 Pkcs12Store ks = null; 2 using (FileStream file = new FileStream(@"c:\MyCertificate.pfx", FileMode.Open, FileAccess.Read)) 3 { 4 ks = new Pkcs12Store(file,"");//without password 5 }

Now that you've created your own certificate store, you can immediately use it for signing PDFs using PDFKit, but you can also export it:

To export, please do the following (assuming that you have IE on your machine):

1) In Internet Explorer select Tools (menu) --> Internet Options (item in menu)

2) Content (tab) --> Certificates (button)

3) Select the certificate you want to expect (selection) --> Export… (button)

4) Yes, Export the private key (selection) – notice that if this selection is not available the key is imported without export rights.

5) Select Personal Information Exchange – PKCS #12 (.pfx):
- select include all certificates in the certification path if possible
- deselect strong protection (however strong protection is supported by our code, for testing I recommends the weaker option)
- deselect delete the key

6) Type the same password trice (e.g. “Test”), and keep this password available

7) Provide a filename (e.g. “C:\temp\test.pfx” )

8) Finish (button)

9) Check if the message says: successful