How to generate and export certificates
How to generate and export certificates
In this article we will show you how you can create an RSA 2048-bit PEM certificate and how you can export it.
To start off, download and install OpenSSL SDK. Generate RSA private key:
>> openssl genrsa -out key.pem 2048
Create PVK certificate
Generate PVK withhelp makecert.exe tool:
>> makecert.exe -r -pe -n "CN=AkademRulit" -sv Certificate.pvk key.pem
Create PFX container
Download and install pvk2pfx.exe. Execute it via commandline with pair of keys generated on a previous step (see at certificate storage):
>> C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin>pvk2pfx.exe -pvk "c:\Certificate.pvk" -spc "c:\key.pem" -pfx "c:\MyCertificate.pfx"
Create PDF file with MyCertificate.pfx
Pkcs12Store ks = null;
using (FileStream file = new FileStream(@"c:\MyCertificate.pfx", FileMode.Open, FileAccess.Read))
{
ks = new Pkcs12Store(file,"");//without password
}
Now that you’ve created your own certificate store, you can immediately use it for signing PDFs using PDFKit, but you can also export it:
To export, please do the following (assuming that you have IE on your machine):
- In Internet Explorer select Tools (menu) –> Internet Options (item in menu)
- Content (tab) –> Certificates (button)
- Select the certificate you want to expect (selection) –> Export… (button)
- Yes, Export the private key (selection) – notice that if this selection is not available the key is imported without export rights.
- Select Personal Information Exchange – PKCS #12 (.pfx):
- select include all certificates in the certification path if possible
- deselect strong protection (however strong protection is supported by our code, for testing I recommends the weaker option)
- deselect delete the key
- Type the same password trice (e.g. “Test”), and keep this password available
- Provide a filename (e.g. “C:\temp\test.pfx” )
- Finish (button)
- Check if the message says: successful