//先用大整數來生成一個1024bit的密鑰對
RSA rsa = new RSA();
BigNumber number = OpenSSL.Core.Random.Next(10, 10, 1);
rsa.GenerateKeys(1024, number, null, null);
CryptoKey key = new CryptoKey(rsa);
//創建X509證書,Subject和Issuer相同
X509Certificate x509 = new X509Certificate();
x509.SerialNumber = (int)DateTime.Now.Ticks;
x509.Subject = new X509Name("CN=DOMAIN"); //DOMAIN為站點域名
x509.Issuer = new X509Name("CN=DOMAIN");
x509.PublicKey = key; //指定公鑰
x509.NotBefore = Convert.ToDateTime("2011-1-1"); //起始時間
x509.NotAfter = Convert.ToDateTime("2050-1-1"); //失效時間
x509.Version = 2;
//用私鑰簽一下名
x509.Sign(key, MessageDigest.MD5);
//輸出到crt文件中
BIO x509bio = BIO.File("CA.crt", "w");
x509.Write(x509bio);
//生成pfx文件,注意證書鏈必須是空的
var certs = new OpenSSL.Core.Stack<X509Certificate>();
PKCS12 p12 = new PKCS12("PASSWORD", key, x509, certs); //PASSWORD為保護密鑰
BIO p12Bio = BIO.File("CA.pfx", "w");
p12.Write(p12Bio);
//清理
rsa.Dispose();
x509.Dispose();
x509bio.Dispose();
p12.Dispose();
p12Bio.Dispose();
轉 http://www.cnblogs.com/jiecaoge/p/6408176.html
openssl-net git地址是 https://github.com/openssl-net/openssl-net