alter x509 extended properties / usages
https://stackoverflow.com/questions/2112186
-
22-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Is there any way to programmatically edit the purposes enabled for a give x.509 certificate?
This functionality is available via the certificates mmc snap-in (hyperlink below) but I need to perform the action through code. preferably C#.
Solution
The MMC can do whatever the Crypto API can do and there are a bunch of Certificate related functions like CertAddEnhancedKeyUsageIdentifier or CertSetCertificateContextProperty. There is a full blown example at Example C Program: Getting and Setting Certificate Properties, including a modification of the 'enhanced key usage' that specifies the uses for which a certificate is valid. For instance, to make a cert valid for SSL from the server side you'd have to add the EKU OID 1.3.6.1.5.5.7.3.1 (aka. 'Server Authentication'), see Configuring Certificate for Use by SSL.
The C# equivalent is the X509KeyUsageExtension class. See the link to the class spec for examples.
