C# 生成自簽名CA證書


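                     // Builds a self-signed X.509 v3 certificate with BouncyCastle and writes it to disk
                    // twice: as a password-protected .pfx (certificate + private key) and as a .cer
                    // (certificate only). Issuer and subject are the same DN, BasicConstraints is cA=false
                    // and the only extended key usage is client authentication, so the result is a
                    // self-signed end-entity client certificate, not a CA certificate that can sign others.

                    // NOTE(review): this PFX password is hard-coded and therefore identical for every
                    // generated file; anyone who can read the source or binary can open every .pfx.
                    // Load it from protected configuration or generate one per user.
                    string password = "213978863940714";
                    // SHA-1 signatures are collision-prone and rejected by current validators; sign with SHA-256.
                    string signatureAlgorithm = "SHA256WithRSA";

                    // Generate RSA key pair. The same CSPRNG is reused below for the serial number.
                    var rsaGenerator = new RsaKeyPairGenerator();
                    var randomGenerator = new CryptoApiRandomGenerator();
                    var secureRandom = new SecureRandom(randomGenerator);
                    // 1024-bit RSA is below the accepted minimum strength; use 2048 bits.
                    var keyParameters = new KeyGenerationParameters(secureRandom, 2048);
                    rsaGenerator.Init(keyParameters);
                    var keyPair = rsaGenerator.GenerateKeyPair();

                    // Distinguished-name attributes, used for both issuer and subject (self-signed).
                    var attributes = new Hashtable();
                    // E is the emailAddress attribute; the value stored here is the user's idCard, not an e-mail.
                    attributes[X509Name.E] = UserInfo.idCard;
                    // CN identifies who the certificate is issued to.
                    attributes[X509Name.CN] = UserInfo.idCard;
                    // O is the organization name.
                    attributes[X509Name.O] = "www.shwdztc.com";
                    // NOTE(review): C is countryName and expects an ISO 3166 two-letter country code;
                    // "Zh" looks like a language tag rather than a country - confirm the intended value.
                    attributes[X509Name.C] = "Zh";

                    // Order in which the attributes above are encoded into the DN.
                    var ordering = new ArrayList() { X509Name.E, X509Name.CN, X509Name.O, X509Name.C };

                    var certificateGenerator = new X509V3CertificateGenerator();
                    // Serial number: drawn from the CSPRNG. System.Random is time-seeded and predictable,
                    // which makes serial numbers guessable and collisions between requests more likely.
                    certificateGenerator.SetSerialNumber(BigInteger.ProbablePrime(120, secureRandom));

                    // Issuer DN
                    certificateGenerator.SetIssuerDN(new X509Name(ordering, attributes));

                    // Validity starts one day before today to tolerate clock skew on the relying side.
                    certificateGenerator.SetNotBefore(DateTime.Today.AddDays(-1));
                    // Validity ends 365 days from today.
                    certificateGenerator.SetNotAfter(DateTime.Today.AddDays(365));
                    // Subject DN (identical to the issuer DN)
                    certificateGenerator.SetSubjectDN(new X509Name(ordering, attributes));
                    // Public key carried by the certificate
                    certificateGenerator.SetPublicKey(keyPair.Public);

                    // Signature algorithm used when the certificate is signed
                    certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
                    // cA=false: this certificate must not be accepted as an issuer of other certificates.
                    certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
                    // RFC 5280 requires AuthorityKeyIdentifier to be marked non-critical.
                    certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public)));

                    // 1.3.6.1.5.5.7.3.2 is id-kp-clientAuth (TLS client authentication).
                    certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(new ArrayList() { new DerObjectIdentifier("1.3.6.1.5.5.7.3.2") }));

                    // Create the certificate, self-signed with the private half of the key pair.
                    // For a .cer file this is enough; a .pfx additionally needs the key and a password.
                    var x509Certificate = certificateGenerator.Generate(keyPair.Private);

                    // Round-trip through the .NET certificate type so the private key can be attached.
                    byte[] pkcs12Bytes = DotNetUtilities.ToX509Certificate(x509Certificate).Export(X509ContentType.Pfx, password);

                    var certificate = new X509Certificate2(pkcs12Bytes, password);

                    certificate.PrivateKey = EncryHelper.ToDotNetKey((RsaPrivateCrtKeyParameters)keyPair.Private);

                    // PFX: certificate plus private key, protected by the password.
                    var array = certificate.Export(X509ContentType.Pfx, password);

                    // CER: public certificate only.
                    var cerArray = certificate.Export(X509ContentType.Cert);

                    // Keep only the final path segment of the id so that a value containing directory
                    // separators or ".." cannot move the output outside the target folder.
                    string fileStem = Path.GetFileName(UserInfo.idCard);
                    // NOTE(review): the .pfx holds the private key and is written below the web
                    // application's ~/files tree, with the user's id as the file name; confirm this
                    // folder is not served as static content, or store the file outside the web root.
                    string path = HttpContext.Current.Server.MapPath("~/files/userword/Word/" + fileStem + ".pfx");
                    string pathcer = HttpContext.Current.Server.MapPath("~/files/userword/Word/" + fileStem + ".cer");

                    // WriteAllBytes creates or overwrites the file and closes the handle even when the
                    // write throws, unlike a FileStream that is closed manually.
                    File.WriteAllBytes(path, array);
                    File.WriteAllBytes(pathcer, cerArray);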

 

