Generate Trusted Self-Signed Certificate in .NetCore Console Application

Question

I am trying to generate a trusted self-signed certificate for localhost. This certificate will be used for a Self Hosted Web API inside a Console Application. Due to the requirements of this project, the localhost connection has to be trusted and the application will be installed on clients PC's which means the certificate has to be generated programmatically.

I have managed to get this right in .Net Framework and all seems to work 100%, but once I moved it over to .NetCore I am hitting a wall. I am quite new to .NetCore so my knowledge is very limited.

I am using Bouncy Castle to generate the certificates but for some reason, when I try to assign the private key for the self-signed certificate in .NetCore, I get a "System.PlatformNotSupportedException: 'Operation is not supported on this platform." exception. This exception occur when I try to convert the RsaPrivateCrtKeyParameters to a PrivateKey using "DotNetUtilities.ToRSA(rsaparams)".

I followed the exact answer on this link "Generate self signed certificate on the fly".

Since my knowledge is very limited in .NetCore it would be much appreciated if someone can point me in the right direction.

Answer 1

The specific problem is that .NET Core does not support the setter on cert.PrivateKey.

The closest analog is cert.CopyWithPrivateKey, but the code is different. Rather than

cert.PrivateKey = key;
return cert;

you need something more like

return cert.CopyWithPrivateKey(key);

because CopyWithPrivateKey makes a new X509Certificate2 object, leaving the target object unaltered.

FWIW, you can do the entirety of the cert creation without extra dependencies now, as shown in Generate and Sign Certificate Request using pure .net Framework.