C#生成pfx用户数字证书

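using System;
using System.Collections;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Cryptography.X509Certificates;
// in BouncyCastle.Crypto.dll
using Org.BouncyCastle.X509;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Crypto.Generators;

namespace ConsoleApplication1
{
    /// <summary>
    /// Sample console program that generates an RSA key pair, issues a self-signed
    /// client-authentication certificate for it with BouncyCastle, packages the
    /// certificate and private key as a password-protected PKCS#12 (.pfx) blob and
    /// loads that blob into an <see cref="X509Certificate2"/>.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Builds the key pair, the certificate and the PFX, then wraps the result in an
        /// <see cref="X509SecurityToken"/>.
        /// </summary>
        /// <param name="args">Command-line arguments (not used).</param>
        static void Main(string[] args)
        {
            // NOTE(review): demo value only. A PFX password compiled into the binary protects
            // nothing; load it from a secret store or prompt for it in real use.
            string password = "V3ry_S3kr37;-)";

            // SHA-1 signatures are no longer accepted by current TLS stacks and CAs;
            // SHA-256 with RSA is the interoperable baseline.
            string signatureAlgorithm = "SHA256WithRSA";

            // Generate RSA key pair. 1024-bit RSA is below today's minimum; use at least 2048 bits.
            var rsaGenerator = new RsaKeyPairGenerator();
            var randomGenerator = new CryptoApiRandomGenerator();
            var secureRandom = new SecureRandom(randomGenerator);
            var keyParameters = new KeyGenerationParameters(secureRandom, 2048);
            rsaGenerator.Init(keyParameters);
            var keyPair = rsaGenerator.GenerateKeyPair();

            // Distinguished-name attributes. The same name is used for issuer and subject,
            // so the certificate is self-signed.
            string commonName = "www.baiyi.com";
            var attributes = new Hashtable();
            attributes[X509Name.E] = "baiyi@company.com"; // e-mail address
            attributes[X509Name.CN] = commonName;         // common name: who the certificate is issued to
            attributes[X509Name.O] = "Company baiyi.";    // organization
            // C is the country attribute (ISO 3166 two-letter code), not a language.
            // NOTE(review): "Zh" is kept from the original sample; replace it with the real country code.
            attributes[X509Name.C] = "Zh";

            // Order in which the attributes appear in the encoded name.
            var ordering = new ArrayList();
            ordering.Add(X509Name.E);
            ordering.Add(X509Name.CN);
            ordering.Add(X509Name.O);
            ordering.Add(X509Name.C);

            var certificateGenerator = new X509V3CertificateGenerator();

            // Serial number: drawn from the cryptographic RNG. System.Random is seeded from the
            // clock and yields predictable serial numbers.
            certificateGenerator.SetSerialNumber(BigInteger.ProbablePrime(120, secureRandom));

            // Issuer DN.
            certificateGenerator.SetIssuerDN(new X509Name(ordering, attributes));

            // Validity window, computed in UTC so the encoded times do not depend on the local
            // time zone. Backdated one day to tolerate clock skew; valid for 365 days.
            DateTime todayUtc = DateTime.UtcNow.Date;
            certificateGenerator.SetNotBefore(todayUtc.AddDays(-1));
            certificateGenerator.SetNotAfter(todayUtc.AddDays(365));

            // Subject DN.
            certificateGenerator.SetSubjectDN(new X509Name(ordering, attributes));

            // Public key being certified.
            certificateGenerator.SetPublicKey(keyPair.Public);

            // Signature algorithm used by the issuer key (this is a signature, not encryption).
            certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);

            // End-entity certificate: not a CA.
            certificateGenerator.AddExtension(X509Extensions.BasicConstraints,
                true,
                new BasicConstraints(false));

            // RFC 5280 requires AuthorityKeyIdentifier to be non-critical; marking it critical
            // makes strict validators reject the certificate.
            certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier,
                false,
                new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public)));

            // Key usage: Client authentication
            certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id,
                false,
                new ExtendedKeyUsage(new ArrayList() { new DerObjectIdentifier("1.3.6.1.5.5.7.3.2") }));

            // Create (sign) the certificate. If only a .cer file is needed, this is enough.
            var x509Certificate = certificateGenerator.Generate(keyPair.Private);

            // A PFX must carry the private key together with the certificate. Converting the
            // BouncyCastle certificate to a .NET X509Certificate and exporting that yields a
            // PKCS#12 file with the certificate only, so the key entry is built explicitly here.
            var certificateEntry = new X509CertificateEntry(x509Certificate);
            var store = new Pkcs12StoreBuilder().Build();
            store.SetKeyEntry(commonName,
                new AsymmetricKeyEntry(keyPair.Private),
                new[] { certificateEntry });

            byte[] pkcs12Bytes;
            using (var pfxStream = new MemoryStream())
            {
                store.Save(pfxStream, password.ToCharArray(), secureRandom);
                // Re-encode with definite lengths so the Windows/.NET PKCS#12 parser accepts the blob.
                pkcs12Bytes = Pkcs12Utilities.ConvertToDefiniteLength(pfxStream.ToArray(), password.ToCharArray());
            }

            // pkcs12Bytes holds the private key; if it is written to disk, restrict access to the file.
            var certificate = new X509Certificate2(pkcs12Bytes, password);

            // Derive security token and use it
            var x509Token = new X509SecurityToken(certificate);
        }
    }
}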