I'm trying to generate a CSR to use with ApplePay. We will be running this on a server and generating 1000s of these over time. I'd prefer to do this in code/memory instead of running the openssl commands directly so the private key will never be on the HDD.
I know these openssl commands work.
openssl ecparam -out private.key -name prime256v1 -genkey
openssl req -new -sha256 -key private.key -nodes -out request.csr -subj '/O=Your Name or Company/C=US'
This is my code:
using System;
using Org.BouncyCastle.Asn1.Nist;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;

// standard PEM markers for a PKCS#10 request
const string CSR_HEADER = "-----BEGIN CERTIFICATE REQUEST-----";
const string CSR_FOOTER = "-----END CERTIFICATE REQUEST-----";

// generate the key with a specified curve,
// ECDomainParameters carries the curve by its explicit values (curve, G, N, H, seed)
X9ECParameters curve = NistNamedCurves.GetByName("P-256");
ECDomainParameters ecParam = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H, curve.GetSeed());
ECKeyPairGenerator keyGen = new ECKeyPairGenerator();
keyGen.Init(new ECKeyGenerationParameters(ecParam, new SecureRandom()));
AsymmetricCipherKeyPair keyPairServer = keyGen.GenerateKeyPair();

// build the PKCS#10 request, self-signed with the private key
var p10builder = new Pkcs10CertificationRequest(
    "SHA256WITHECDSA",
    new X509Name("O=NAB Test,C=US"),
    keyPairServer.Public,
    null,
    keyPairServer.Private
);

// build string to send to Apple
string csr = CSR_HEADER + "\r\n" + Convert.ToBase64String(p10builder.GetEncoded()) + "\r\n" + CSR_FOOTER;
Apple's page accepts the certificate and gives me the response cert for me to pull some info out of. However, when I 'activate' this cert I get 'unknown error'. Because I'm using BC, Apple support refuses to help. One thing I do notice is that my CSR data is about twice as long as the data from OpenSSL.
I think it might be related to -nodes but I'm not sure.
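The following is an added example, not code from the question above. It assumes the BouncyCastle for .NET API (the `Org.BouncyCastle.*` namespaces the question already uses; `SubjectPublicKeyInfo.AlgorithmID` is the 1.8.x property name), and the class name `NamedCurveCsr` and the subject DN `O=Example Merchant,C=US` are constructed for illustration. It shows the difference that accounts for the doubled CSR length: building the key from explicit `ECDomainParameters` makes BouncyCastle serialize the whole curve definition (prime, coefficients, generator, order) inside the CSR's SubjectPublicKeyInfo, whereas initialising the generator with the curve OID makes it emit the named-curve identifier, which is what `openssl ecparam -name prime256v1 -genkey` produces by default. The example generates both forms in memory, builds a self-signed PKCS#10 request for each, checks which encoding the public key carries, verifies the request signature, and writes standard PEM with 64-character lines; the private key is never written to disk.

```csharp
using System;
using System.IO;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Nist;
using Org.BouncyCastle.Asn1.Sec;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;

// Hypothetical helper (not from the original post): in-memory P-256 key pair and
// PKCS#10 request whose public key names the curve by OID instead of spelling
// out the curve parameters.
public static class NamedCurveCsr
{
    // Initialising the generator with the curve OID (1.2.840.10045.3.1.7, prime256v1 /
    // secp256r1) attaches named domain parameters to the key, so the SPKI's algorithm
    // parameters encode as that OID, the same form OpenSSL emits by default.
    public static AsymmetricCipherKeyPair GenerateP256KeyPair()
    {
        var keyGen = new ECKeyPairGenerator("ECDSA");
        keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, new SecureRandom()));
        return keyGen.GenerateKeyPair();
    }

    // The explicit-parameter form used in the question, kept only so the two
    // encodings can be compared side by side.
    public static AsymmetricCipherKeyPair GenerateP256KeyPairExplicit()
    {
        X9ECParameters curve = NistNamedCurves.GetByName("P-256");
        var ecParam = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H, curve.GetSeed());
        var keyGen = new ECKeyPairGenerator("ECDSA");
        keyGen.Init(new ECKeyGenerationParameters(ecParam, new SecureRandom()));
        return keyGen.GenerateKeyPair();
    }

    // Self-signed PKCS#10 request over the public key; the private key stays in memory.
    public static Pkcs10CertificationRequest BuildCsr(AsymmetricCipherKeyPair keyPair, string subjectDn)
    {
        return new Pkcs10CertificationRequest(
            "SHA256WITHECDSA", new X509Name(subjectDn), keyPair.Public, null, keyPair.Private);
    }

    // True when the CSR's SubjectPublicKeyInfo carries a named-curve OID; false when it
    // carries explicit X9.62 curve parameters (the case that roughly doubles the size).
    public static bool UsesNamedCurve(Pkcs10CertificationRequest csr)
    {
        SubjectPublicKeyInfo spki = csr.GetCertificationRequestInfo().SubjectPublicKeyInfo;
        Asn1Object parameters = spki.AlgorithmID.Parameters.ToAsn1Object();
        return parameters is DerObjectIdentifier;
    }

    // PEM with the "CERTIFICATE REQUEST" label and base64 wrapped at 64 columns,
    // as OpenSSL writes it (hand-built header/footer strings are not needed).
    public static string ToPem(Pkcs10CertificationRequest csr)
    {
        using (var sw = new StringWriter())
        {
            new PemWriter(sw).WriteObject(csr);
            return sw.ToString();
        }
    }

    // PKCS#8 DER of the private key for handing to a KMS/HSM or wrapping under a
    // key-encryption key; the caller is responsible for never persisting it in clear.
    public static byte[] ExportPrivateKeyPkcs8(AsymmetricCipherKeyPair keyPair)
    {
        return PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private).GetDerEncoded();
    }

    public static void Main()
    {
        const string subject = "O=Example Merchant,C=US"; // constructed sample subject

        Pkcs10CertificationRequest named = BuildCsr(GenerateP256KeyPair(), subject);
        Pkcs10CertificationRequest explicitCsr = BuildCsr(GenerateP256KeyPairExplicit(), subject);

        Console.WriteLine("named-curve CSR: {0} bytes DER, named curve = {1}, signature valid = {2}",
            named.GetEncoded().Length, UsesNamedCurve(named), named.Verify());
        Console.WriteLine("explicit CSR:    {0} bytes DER, named curve = {1}",
            explicitCsr.GetEncoded().Length, UsesNamedCurve(explicitCsr));
        Console.WriteLine(ToPem(named));
    }
}
```

`X9ObjectIdentifiers.Prime256v1` is the same OID as `SecObjectIdentifiers.SecP256r1` and can be used interchangeably. Comparing the two `bytes DER` figures printed by `Main` reproduces the roughly 2x size gap from the question, and `UsesNamedCurve` is the check to run on any CSR before submitting it, since it tells you which encoding the recipient is being asked to parse.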