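// Creates a self-signed X.509 certificate with OpenSSL.NET and writes it out twice:
//   CA.crt - the certificate only
//   CA.pfx - certificate plus private key, protected by a password
//
// Security notes:
//   * RSA-1024 and MD5 signatures are no longer accepted by current TLS stacks and
//     trust stores; this version uses RSA-2048 with SHA-256.
//   * The second argument of GenerateKeys is the RSA public exponent, so it is fixed
//     to the conventional value 65537 instead of being drawn at random.
//   * "PASSWORD" is a placeholder. Load the real value from a secret store or prompt
//     for it; do not commit it to source control.
//   * CA.pfx contains the private key. Write it to a directory with restrictive
//     permissions and keep it off shared or web-served paths.
using (BigNumber exponent = new BigNumber(65537u))
using (RSA rsa = new RSA())
{
    // Generate a 2048-bit RSA key pair.
    rsa.GenerateKeys(2048, exponent, null, null);

    using (CryptoKey key = new CryptoKey(rsa))
    using (X509Certificate x509 = new X509Certificate())
    {
        // Serial numbers must be positive: take 31 random bits from the system CSPRNG
        // rather than truncating a tick count (which can come out negative and is
        // predictable).
        byte[] serialBytes = new byte[4];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(serialBytes);
        }
        int serial = BitConverter.ToInt32(serialBytes, 0) & int.MaxValue;
        x509.SerialNumber = serial == 0 ? 1 : serial;

        // Self-signed: Subject and Issuer are identical.
        x509.Subject = new X509Name("CN=DOMAIN"); // DOMAIN is the site's domain name
        x509.Issuer = new X509Name("CN=DOMAIN");
        x509.PublicKey = key; // public half of the key pair

        // Validity window. Built from explicit components so the result does not
        // depend on the current culture's date parsing.
        x509.NotBefore = new DateTime(2011, 1, 1); // start of validity
        x509.NotAfter = new DateTime(2050, 1, 1);  // end of validity; NOTE(review): very long-lived, shorten if policy allows
        x509.Version = 2; // zero-based field: 2 means X.509 v3

        // Sign the certificate with its own private key.
        x509.Sign(key, MessageDigest.SHA256);

        // Write the certificate to the .crt file.
        using (BIO x509bio = BIO.File("CA.crt", "w"))
        {
            x509.Write(x509bio);
        }

        // Build the .pfx file; the certificate chain must be empty.
        using (var certs = new OpenSSL.Core.Stack<X509Certificate>())
        using (PKCS12 p12 = new PKCS12("PASSWORD", key, x509, certs)) // PASSWORD protects the private key
        // Binary mode: PKCS#12 is a binary format, and text-mode newline translation
        // on Windows would corrupt it.
        using (BIO p12Bio = BIO.File("CA.pfx", "wb"))
        {
            p12.Write(p12Bio);
        }
    }
}
// The using blocks release every native handle (including key and certs), even if a
// step above throws.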
转 http://www.cnblogs.com/jiecaoge/p/6408176.html
openssl-net git地址是 https://github.com/openssl-net/openssl-net