I have an application written in dotnet framework that I am porting over to dotnet 5 (and probably soon after to dotnet 6).
Right now it uses the ICertRequest interface (Win32 API) to submit a CSR to our on prem CA. I can't for the life of me find how to do this in purely managed dotnet code.
I've looked all over the System.Security.Cryptography namespace and can't find anything. Please help?
I would also prefer to not use BouncyCastle.
CodePudding user response:
Is there any equivalent to ICertRequest in dotnet 5 or dotnet 6?
No.
The closest analogue is the CertificateRequest class, which can be used to build up a certificate request or to make certificates programmatically. Submitting the request to a CA and receiving the response are left as exercises to the caller.
Since the COM certificate enrollment is a Windows-specific feature set, and .NET is now a cross-platform product, there isn't likely to be a direct version of it that ships as part of .NET itself.
There may or may not be community packages that wrap ICertRequest/ICEnroll.
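As an added example, not part of the original answer: the part that CertificateRequest does cover is building and signing the PKCS#10 request in managed code on .NET 5 or later. The subject name, DNS name, key size and the serverAuth EKU are constructed sample values, and issuedDer in the closing comment is hypothetical; submitting the request to the CA stays with the caller, as the answer says.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed sample values; replace with your own subject and DNS name.
const string SubjectName = "CN=app01.example.internal";
const string DnsName = "app01.example.internal";

// Keep this key: the certificate the CA issues must be paired with it later.
using RSA key = RSA.Create(3072);

var request = new CertificateRequest(
    new X500DistinguishedName(SubjectName), key,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

// Requested extensions; the CA's policy or template may override or ignore them.
var san = new SubjectAlternativeNameBuilder();
san.AddDnsName(DnsName);
request.CertificateExtensions.Add(san.Build());
request.CertificateExtensions.Add(new X509KeyUsageExtension(
    X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment,
    critical: true));
request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
    new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, // serverAuth (assumed use case)
    critical: false));

// DER-encoded PKCS#10 request, self-signed with the private key as proof of possession.
byte[] der = request.CreateSigningRequest();

// PEM text form of the same request.
string pem = new string(PemEncoding.Write("CERTIFICATE REQUEST", der));
Console.WriteLine(pem);

// Once the CA returns the issued certificate (issuedDer is hypothetical here),
// re-attach the private key so the certificate is usable for authentication:
//   using var issued = new X509Certificate2(issuedDer);
//   using X509Certificate2 withKey = issued.CopyWithPrivateKey(key);
```

The private key never leaves the process in this flow; only the signed request is handed to the CA.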