CertificateRevocationListBuilder.Build Method

Definition

Overloads

Build(X509Certificate2, BigInteger, DateTimeOffset, HashAlgorithmName, RSASignaturePadding, Nullable<DateTimeOffset>)

Builds a Certificate Revocation List (CRL) signed by the specified certificate.

Build(X500DistinguishedName, X509SignatureGenerator, BigInteger, DateTimeOffset, HashAlgorithmName, X509AuthorityKeyIdentifierExtension, Nullable<DateTimeOffset>)

Builds a Certificate Revocation List (CRL).

Build(X509Certificate2, BigInteger, DateTimeOffset, HashAlgorithmName, RSASignaturePadding, Nullable<DateTimeOffset>)

Source:
CertificateRevocationListBuilder.Build.cs
Source:
CertificateRevocationListBuilder.Build.cs
Source:
CertificateRevocationListBuilder.Build.cs

Builds a Certificate Revocation List (CRL) signed by the specified certificate.

public byte[] Build (System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate, System.Numerics.BigInteger crlNumber, DateTimeOffset nextUpdate, System.Security.Cryptography.HashAlgorithmName hashAlgorithm, System.Security.Cryptography.RSASignaturePadding? rsaSignaturePadding = default, DateTimeOffset? thisUpdate = default);
member this.Build : System.Security.Cryptography.X509Certificates.X509Certificate2 * System.Numerics.BigInteger * DateTimeOffset * System.Security.Cryptography.HashAlgorithmName * System.Security.Cryptography.RSASignaturePadding * Nullable<DateTimeOffset> -> byte[]
Public Function Build (issuerCertificate As X509Certificate2, crlNumber As BigInteger, nextUpdate As DateTimeOffset, hashAlgorithm As HashAlgorithmName, Optional rsaSignaturePadding As RSASignaturePadding = Nothing, Optional thisUpdate As Nullable(Of DateTimeOffset) = Nothing) As Byte()

Parameters

issuerCertificate
X509Certificate2

The certificate representing the Certificate Authority (CA) that is creating this Certificate Revocation List.

crlNumber
BigInteger

The sequence number for this CRL. Per IETF RFC 5280, this value must always increase from one CRL to the next for a given CA.

nextUpdate
DateTimeOffset

The latest possible time before the CA will publish a newer CRL, generally treated as an expiration date for this CRL.

hashAlgorithm
HashAlgorithmName

The hash algorithm to use when signing the CRL.

rsaSignaturePadding
RSASignaturePadding

For Certificate Authorities with RSA keys, this parameter is required and specifies the RSA signature padding mode to use when signing the CRL. For all other algorithms, this parameter is ignored. The default is null.

thisUpdate
Nullable<DateTimeOffset>

An optional value that specifies when this CRL was created, or null to use the current system time. The default is null.

Returns

Byte[]

An array that contains the bytes of the signed CRL.

Exceptions

issuerCertificate is null.

-or-

hashAlgorithm has null as the value of Name.

issuerCertificate does not have an associated private key.

-or-

issuerCertificate uses a public key algorithm that is unknown, or not supported by this implementation.

-or-

issuerCertificate does not have a Basic Constraints extension.

-or-

issuerCertificate has a Basic Constraints extension that indicates it is not a valid Certificate Authority certificate.

-or-

issuerCertificate has a Key Usage extension that lacks the CrlSign usage.

-or-

issuerCertificate has an RSA private key but rsaSignaturePadding is null.

-or-

issuerCertificate has an unknown key algorithm.

-or-

nextUpdate is older than thisUpdate.

-or-

hashAlgorithm has the empty string as the value of Name.

-or-

rsaSignaturePadding was not recognized.

crlNumber is negative.

an error occurred during signing.

Applies to

Build(X500DistinguishedName, X509SignatureGenerator, BigInteger, DateTimeOffset, HashAlgorithmName, X509AuthorityKeyIdentifierExtension, Nullable<DateTimeOffset>)

Source:
CertificateRevocationListBuilder.Build.cs
Source:
CertificateRevocationListBuilder.Build.cs
Source:
CertificateRevocationListBuilder.Build.cs

Builds a Certificate Revocation List (CRL).

public byte[] Build (System.Security.Cryptography.X509Certificates.X500DistinguishedName issuerName, System.Security.Cryptography.X509Certificates.X509SignatureGenerator generator, System.Numerics.BigInteger crlNumber, DateTimeOffset nextUpdate, System.Security.Cryptography.HashAlgorithmName hashAlgorithm, System.Security.Cryptography.X509Certificates.X509AuthorityKeyIdentifierExtension authorityKeyIdentifier, DateTimeOffset? thisUpdate = default);
member this.Build : System.Security.Cryptography.X509Certificates.X500DistinguishedName * System.Security.Cryptography.X509Certificates.X509SignatureGenerator * System.Numerics.BigInteger * DateTimeOffset * System.Security.Cryptography.HashAlgorithmName * System.Security.Cryptography.X509Certificates.X509AuthorityKeyIdentifierExtension * Nullable<DateTimeOffset> -> byte[]
Public Function Build (issuerName As X500DistinguishedName, generator As X509SignatureGenerator, crlNumber As BigInteger, nextUpdate As DateTimeOffset, hashAlgorithm As HashAlgorithmName, authorityKeyIdentifier As X509AuthorityKeyIdentifierExtension, Optional thisUpdate As Nullable(Of DateTimeOffset) = Nothing) As Byte()

Parameters

issuerName
X500DistinguishedName

The subject name of the certificate for the Certificate Authority (CA) that is issuing this CRL.

generator
X509SignatureGenerator

A signature generator to produce the CA signature for this CRL.

crlNumber
BigInteger

The sequence number for this CRL. Per IETF RFC 5280, this value must always increase from one CRL to the next for a given CA.

nextUpdate
DateTimeOffset

The latest possible time before the CA will publish a newer CRL, generally treated as an expiration date for this CRL.

hashAlgorithm
HashAlgorithmName

The hash algorithm to use when signing the CRL.

authorityKeyIdentifier
X509AuthorityKeyIdentifierExtension

The Authority Key Identifier to use in this CRL, identifying the CA certificate.

thisUpdate
Nullable<DateTimeOffset>

An optional value that specifies when this CRL was created, or null to use the current system time. The default is null.

Returns

Byte[]

An array that contains the bytes of the signed CRL.

Exceptions

issuerName, generator, or authorityKeyIdentifier is null.

-or-

hashAlgorithm has null as the value of Name.

nextUpdate is older than thisUpdate.

-or-

hashAlgorithm has the empty string as the value of Name.

crlNumber is negative.

an error occurred during signing.

Applies to