Discuss this help topic in SecureBlackbox Forum

Save certificate without its private key

Saving a certificate without its private key is needed, for instance, when the private key is stored on a hardware token.

To save your certificate in DER, SPC, or PEM formats, just call the certificate object's SaveToFile() method. No private key will be saved (DER and SPC do not support private key storage at all, while PEM requires the private key to be explicitly saved via the SaveKeyToStreamPEM() method): cert.SaveToFile("cert.pem", "", TSBCertFileFormat.cfPEM);

To save your certificate in PFX format, get rid of the private key first, because by defalut it is always saved. You can do this by cloning your certificate object to a private key-less copy and saving it instead:


TElX509Certificate copy = new TElX509Certificate();
cert.Clone(copy, false); // The second parameter MUST be FALSE, the private key will be copied otherwise!

copy.SaveToFile("cert.pfx", "password", TSBCertFileFormat.cfPFX);
	

Certificate-related How To articles

Discuss this help topic in SecureBlackbox Forum