How Createx509certificate2 given certificate bytes and private key - dnx50

Question

Basically i am using a LetsEncrypt service to get a certificate byte[] back that i can turn into a X509Certificate2 but then it is missing the private key to then use it on a SSLStream. I have the private key as a RSAParameters but can also convert it to a byte[] but i can't seem to find a way to get the 2 together in the same X509Certificate2 so i can use it for AuthenticateAsServer on a SSLStream. The methods you would use for dotnet 4 don't seems to apply for dnx50 as far as i can tell. I working example would be perfect and i want to keep the solution in dnx50 as i want to deploy this to linux and windows boxes.

Basically trying to do something similar to Convert Certificate and Private Key to .PFX programatically in C# but to just create the X509 with private key though saving would be my next task.

From what i can tell so far i think that dnx50 does not allow you to create a cetificate object and to then add a private key to it like dotnet 4 did. Instead i think i need to pass in aa file or byte[] that contains both for this to work but i don't know how to merge my 2 byte arrays together or to format them.

Answer 1

Finally worked out a solution for this. Not ideal but it works. Basically it uses bouncyCastle to create a pfx stream and then you can read that in to load the private key with the certificate. To do that on CoreCLR i used the nuget package Portable.BouncyCastle:1.8.1 with the following code i put in a helper class.

public X509Certificate2 CreateX509Certificate2(RSAParameters keys, byte[] certificateBytes, string friendlyName)
    {

        if (string.IsNullOrWhiteSpace(friendlyName))
        {
            friendlyName = "default";
        }

        var store = new Pkcs12Store();
        var convertedKeys = GetRsaKeyPair(keys);
        var certificate = new X509CertificateParser().ReadCertificate(certificateBytes);

        store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(convertedKeys.Private), new X509CertificateEntry[] { new X509CertificateEntry(certificate)});
        using (MemoryStream ms = new MemoryStream())
        {
            var random = new SecureRandom();
            string password = random.Next().ToString() + random.Next().ToString() + random.Next().ToString();
            store.Save(ms, password.ToCharArray(), random);
            var cert = new X509Certificate2(ms.ToArray(), password, X509KeyStorageFlags.Exportable);
            return cert;
        }
    }


    private AsymmetricCipherKeyPair GetRsaKeyPair(
       RSAParameters rp)
    {
        BigInteger modulus = new BigInteger(1, rp.Modulus);
        BigInteger pubExp = new BigInteger(1, rp.Exponent);

        RsaKeyParameters pubKey = new RsaKeyParameters(
            false,
            modulus,
            pubExp);

        RsaPrivateCrtKeyParameters privKey = new RsaPrivateCrtKeyParameters(
            modulus,
            pubExp,
            new BigInteger(1, rp.D),
            new BigInteger(1, rp.P),
            new BigInteger(1, rp.Q),
            new BigInteger(1, rp.DP),
            new BigInteger(1, rp.DQ),
            new BigInteger(1, rp.InverseQ));

        return new AsymmetricCipherKeyPair(pubKey, privKey);
    }