Discuss this help topic in SecureBlackbox Forum

Save certificate with its private key

Please take extra care when saving certificates with private key included, as this might result in security compromise. You might need to use different methods depending on the exact certificate format you need to employ.

To save your certificate with private key to a PFX file, either use the SaveToStreamPFX() method, or pass TSBCertFileFormat.cfPFX to SaveToFile(): int r = cert.SaveToFile("cert.pfx", "password", TSBCertFileFormat.cfPFX);

Saving a certificate and its private key in PEM format involves two steps. Both elements are saved to the same stream, one after another. It is good practice to save the certificate in unencrypted form (with no password provided), but encrypt the key with a password:


FileStream certStream = new FileStream("cert.pem", FileMode.Create);
try
{
  cert.SaveToStreamPEM(certStream, "");
  cert.SaveKeyToStreamPEM(certStream, "password");
}
finally
{
  certStream.Close();
}
	

Other certificate formats (DER, SPC) do not support storage of private keys together with certificates.

Certificate-related How To articles

Discuss this help topic in SecureBlackbox Forum