Thursday, November 21, 2013

X509Certificate2 certificate conversions

X509 certificates are useful for many common tasks. Some time ago I’ve blogged on how to create certificates programmatically and how to sign and verify XML data in an interoperable way.

Here are some other common certificate tasks. Let’s begin.

To access a system store and enumerate it:

using System.Security.Cryptography.X509Certificates;

X509Store store = new X509Store( StoreName.My, StoreLocation.CurrentUser );
store.Open( OpenFlags.ReadOnly );
 
foreach ( var cert in store.Certificates )
{
    Console.WriteLine( cert.ToString() );
}

store.Close();

To access a file system store (*.pfx) and enumerate certificates:

X509Certificate2Collection store = new X509Certificate2Collection();
store.Import( @"c:\filename.pfx", "password", X509KeyStorageFlags.DefaultKeySet );
 
foreach ( var cert in store.OfType<X509Certificate2>() ) // OfType needs "using System.Linq;"
{
    Console.WriteLine( cert.ToString() );
}

To load a single certificate from a file system store (*.pfx):

X509Certificate2 cert = 
  new X509Certificate2( @"c:\filename.pfx", "password", X509KeyStorageFlags.MachineKeySet );
Console.WriteLine( cert.ToString() );

To export an X509Certificate2 object, together with its private key, to a password-protected file store (*.pfx):

X509Certificate2 cert = ...;
File.WriteAllBytes( "cert.pfx", cert.Export( X509ContentType.Pkcs12, "foo" ) );

To export only the public part (the certificate without its private key) to a file (*.cer):

X509Certificate2 cert = ...;
File.WriteAllText( "cert.cer", Convert.ToBase64String( cert.Export( X509ContentType.Cert ) ) );

And last but not least, if you have a certificate in Base64 form (for example from ADFS2 federation metadata), just create a blank text file with a *.cer extension, paste the Base64 certificate into it and save. The file can then be used from within the Windows shell.

(A side note here: although most web sources claim that Base64-encoded certificates in text form need the -----BEGIN CERTIFICATE----- preamble and -----END CERTIFICATE----- at the end, this is not necessary.)
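The following round-trip ties the two export flavours above together and shows what each file actually carries. It is an added example, not code from the original post; it assumes .NET Framework 4.7.2 or .NET Core 2.0+ (for CertificateRequest and EphemeralKeySet) and a writable current directory.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertRoundTrip
{
    // Throwaway self-signed certificate so the example runs without an existing store or file.
    static X509Certificate2 CreateSelfSigned()
    {
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=example-test", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
                                        DateTimeOffset.UtcNow.AddDays(30));
        }
    }

    static void Main()
    {
        using (X509Certificate2 cert = CreateSelfSigned())
        {
            // PKCS#12 export carries the private key; the password only protects it at rest.
            byte[] pfx = cert.Export(X509ContentType.Pkcs12, "pfx-password");

            // .cer export carries the certificate alone (public key, subject, signature).
            byte[] cer = cert.Export(X509ContentType.Cert);

            // Bare Base64 without PEM header lines, exactly as the post describes.
            File.WriteAllText("cert.cer", Convert.ToBase64String(cer));

            // Reload the text file by decoding the Base64 back to DER first; this works on every
            // platform, while the Windows shell/CryptoAPI also accepts the bare text directly.
            byte[] der = Convert.FromBase64String(File.ReadAllText("cert.cer"));
            using (var reloaded = new X509Certificate2(der))
            {
                Console.WriteLine("Thumbprint matches: " + (reloaded.Thumbprint == cert.Thumbprint));
                Console.WriteLine(".cer has private key: " + reloaded.HasPrivateKey); // False
            }

            // EphemeralKeySet keeps the imported key in memory instead of writing a key container
            // into the user/machine profile, which DefaultKeySet and MachineKeySet would do.
            using (var fromPfx = new X509Certificate2(pfx, "pfx-password",
                       X509KeyStorageFlags.EphemeralKeySet))
            {
                Console.WriteLine(".pfx has private key: " + fromPfx.HasPrivateKey); // True
            }
        }
    }
}
```

Tools other than the Windows shell (OpenSSL, for instance) expect the PEM header and footer lines, so add them if the .cer text has to leave Windows.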

For example, a first googled certificate from here stored in a cert.cer text file

and double clicked from the OS shell opens up as