Yubico / Yubico.NET.SDK

A YubiKey SDK for .NET developers
Apache License 2.0

.NET SDK does not appear to provide the ability to self-sign a certificate. #43

Closed Nirmalrajhen-t closed 1 year ago

Nirmalrajhen-t commented 1 year ago

The Piv command line tool offers the ability to self-sign a certificate using the following arguments: '-a selfsign-certificate', '-s $Slot', and '-S '/CN=Test self signed cert/''. By specifying these arguments, the tool will generate a self-signed certificate for the designated slot.

It would be great if the Yubico SDK got a class that performs this action.

Nirmalrajhen-t commented 1 year ago

@GregDomzalski When can I expect this feature?

burnett86 commented 1 year ago

The sample code demonstrates how to build a self-signed cert. It uses the C# CertificateRequest class.

The SDK does not have a class or method to build a self-signed cert, but the CertificateRequest class does. So if you want to build a self-signed cert, use that class.

The only trick is to get the CertificateRequest class to use the YubiKey to sign, instead of software. But that's done using an X509SignatureGenerator. So all you need to do is build one of those. Or use the one in the sample code.

The PIV sample (.../dotnet-enterprisesdk/Yubico.YubiKey/examples/PivSampleCode) includes code that uses the CertificateRequest class to build a self-signed cert, including a "YubiKeySignatureGenerator".
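The approach described in the comment above, as an added example that is not part of the original thread and is not the SDK's own sample code: a custom `X509SignatureGenerator` hands the signing step to an external signer, so `CertificateRequest` never needs the private key. The class name `DelegatedEcdsaGenerator` and the `signDigest` delegate are hypothetical, and a software P-256 key stands in for the key held in the PIV slot so the block runs without a device (assumes .NET 6 or later).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical generator: signDigest stands for the hardware signing call.
sealed class DelegatedEcdsaGenerator : X509SignatureGenerator
{
    // DER AlgorithmIdentifier for ecdsa-with-SHA256 (OID 1.2.840.10045.4.3.2).
    private static readonly byte[] EcdsaSha256 =
        { 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02 };
    private readonly PublicKey _publicKey;
    private readonly Func<byte[], byte[]> _signDigest;

    public DelegatedEcdsaGenerator(PublicKey publicKey, Func<byte[], byte[]> signDigest) =>
        (_publicKey, _signDigest) = (publicKey, signDigest);

    protected override PublicKey BuildPublicKey() => _publicKey;

    public override byte[] GetSignatureAlgorithmIdentifier(HashAlgorithmName hash) =>
        hash == HashAlgorithmName.SHA256
            ? (byte[])EcdsaSha256.Clone()
            : throw new NotSupportedException("This example handles SHA-256 only.");

    // CertificateRequest passes the to-be-signed bytes: hash them locally and
    // let the signer sign the digest, returning a DER-encoded ECDSA signature.
    public override byte[] SignData(byte[] data, HashAlgorithmName hash) =>
        hash == HashAlgorithmName.SHA256
            ? _signDigest(SHA256.HashData(data))
            : throw new NotSupportedException("This example handles SHA-256 only.");
}

static class Program
{
    static void Main()
    {
        // Constructed stand-in for the slot key; with a YubiKey the delegate
        // would wrap the SDK's PIV signing call for the chosen slot instead.
        using ECDsa slotKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        PublicKey publicKey = X509SignatureGenerator.CreateForECDsa(slotKey).PublicKey;
        Func<byte[], byte[]> signDigest =
            digest => slotKey.SignHash(digest, DSASignatureFormat.Rfc3279DerSequence);

        var subject = new X500DistinguishedName("CN=Test self signed cert");
        var request = new CertificateRequest(subject, publicKey, HashAlgorithmName.SHA256);
        byte[] serial = RandomNumberGenerator.GetBytes(16);
        serial[0] &= 0x7F; // keep the serial number positive
        // Self-signed: the issuer name is the subject name, signed by the same key.
        using X509Certificate2 cert = request.Create(
            subject, new DelegatedEcdsaGenerator(publicKey, signDigest),
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(1), serial);
        Console.WriteLine($"{cert.Subject} issued by {cert.Issuer}, SHA-1 {cert.Thumbprint}");
    }
}
```

The resulting `X509Certificate2` carries only the public key; the private key stays with whatever backs `signDigest`.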

GregDomzalski commented 1 year ago

Closing this issue as it looks like there is a path forward with example code.

If you have further questions or problems getting a solution up and running, please feel free to reopen the issue.