Change x509 advanced properties / usage

Question

Is there a way to programmatically edit the targets allowed for an x.509 certificate?

This function is available through the mmc certificate snap-in (hyperlink below), but I need to perform the action using the code. preferably C #.

+3

RSmith Jan 21 '10 at 19:26

1 answer

Remus Rusanu · Accepted Answer · 2010-01-21T19:43:11+0000

The MMC can do whatever the Crypto API can do, and there are a bunch of certificate-related features like CertAddEnhancedKeyUsageIdentifier or CertSetCertificateContextProperty . There is a complete example in Example C: Obtaining and Configuring Certificate Properties , including the “Advanced Key Usage” modification, which indicates who have the certificate. For example, to make the certificate valid for SSL on the server side, you need to add the OID EKU 1.3.6.1.5.5.7.3.1(for example, "Server Authentication"), see Configuring the certificate for use over SSL .

the C # equivalent is the X509KeyUsageExtension class . See the class specification reference for examples.