FluentCertificates.Finder 0.12.1-ci0004

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher.
This is a prerelease version of FluentCertificates.Finder.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package FluentCertificates.Finder --version 0.12.1-ci0004
                    


                    

                
NuGet\Install-Package FluentCertificates.Finder -Version 0.12.1-ci0004
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="FluentCertificates.Finder" Version="0.12.1-ci0004" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="FluentCertificates.Finder" Version="0.12.1-ci0004" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="FluentCertificates.Finder" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add FluentCertificates.Finder --version 0.12.1-ci0004
                    


                    

                
#r "nuget: FluentCertificates.Finder, 0.12.1-ci0004"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package FluentCertificates.Finder@0.12.1-ci0004
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=FluentCertificates.Finder&version=0.12.1-ci0004&prerelease
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=FluentCertificates.Finder&version=0.12.1-ci0004&prerelease
                    


                            Install as a Cake Tool

📖 FluentCertificates Overview

⚠️ Note: while version numbers are v0.x.y, this software is under initial development and there there may be breaking-changes in its API between minor versions. ⚠️

NuGet Build & Publish GitHub license

FluentCertificates is a library using the Immutable Fluent Builder pattern for easily creating, finding, and exporting certificates. It makes it simple to generate your own certificate chains or just stand-alone self-signed certificates.

NuGet Packages

This project is published in several NuGet packages:

Documentation is incomplete. More examples can be found in the project's unit tests.

CertificateBuilder Examples

CertificateBuilder requires the FluentCertificates.Builder package and is found under the FluentCertificates namespace.

Minimum Example

The absolute minimum needed to create a certificate, whether it's useful or not.

using var cert = new CertificateBuilder().Create();

Create a Certificate Signing Request

For signing, exporting and passing to a 3rd party CA.

//A public & private keypair must be created first, outside of the CertificateBuilder, otherwise you'd have no way to retrieve the private-key used for the new CertificateSigningRequest object
using var keys = RSA.Create();

//Creating a CertificateSigningRequest
var csr = new CertificateBuilder()
    .SetUsage(CertificateUsage.Server)
    .SetSubject(b => b.SetCommonName("*.fake.domain"))
    .SetSubjectAlternativeNames(x => x.AddDnsNames("*.fake.domain", "fake.domain"))
    .SetKeyPair(keys)
    .CreateCertificateSigningRequest();

//The CertificateRequest object is accessible here:
var certRequest = csr.CertificateRequest;

//CSR can be exported to a string
Console.WriteLine(csr.ToPemString());

//Or to a file or StringWriter instance
csr.ExportAsPem("csr.pem");

Build a Self-Signed Web Server Certificate

Using the fluent style:

using var webCert = new CertificateBuilder()
    .SetFriendlyName("Example self-signed web-server certificate")
    .SetUsage(CertificateUsage.Server)
    .SetSubject(b => b.SetCommonName("*.fake.domain"))
    .SetSubjectAlternativeNames(x => x.AddDnsNames("*.fake.domain", "fake.domain"))
    .SetNotAfter(DateTimeOffset.UtcNow.AddMonths(1))
    .Create();

Or alternatively using object initializers (other examples will use fluent style from now on though):

var builder = new CertificateBuilder() {
    FriendlyName = "Example self-signed web-server certificate",
    Usage = CertificateUsage.Server,
    Subject = new X500NameBuilder().SetCommonName("*.fake.domain"),
    SubjectAlternativeNames = new GeneralNameListBuilder().AddDnsNames("*.fake.domain", "fake.domain"),
    NotAfter = DateTimeOffset.UtcNow.AddMonths(1)
};
using var webCert = builder.Create();

Build a Certificate Authority (CA)

//A CA's expiry date must be later than that of any certificates it will issue
using var issuer = new CertificateBuilder()
    .SetFriendlyName("Example root CA")
    .SetUsage(CertificateUsage.CA)
    .SetSubject(b => b.SetCommonName("Example root CA"))
    .SetNotAfter(DateTimeOffset.UtcNow.AddYears(100))
    .Create();

Build a Client-Auth Certificate Signed by a CA

//Note: the 'issuer' certificate used must have a private-key attached in order to sign this new certificate
using var clientAuthCert = new CertificateBuilder()
    .SetFriendlyName("Example client-auth certificate")
    .SetUsage(CertificateUsage.Client)
    .SetSubject(b => b.SetCommonName("User: Michael"))
    .SetNotAfter(DateTimeOffset.UtcNow.AddYears(1))
    .SetIssuer(issuer)
    .Create();

Advanced: Certificate with Customized Extensions

using var customCert = new CertificateBuilder()
    .SetFriendlyName("Example certificate with customized extensions")
    .SetSubject(b => b.SetCommonName("Example certificate with customized extensions"))
    .AddExtension(new X509BasicConstraintsExtension(false, false, 0, true))
    .AddExtension(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DataEncipherment, true))
    .AddExtension(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid(Oids.AnyExtendedKeyUsage) }, false))
    .SetIssuer(issuer)
    .Create();

Advanced: Certificates with Custom Name Constraints and CRL Distribution Points

//Permit the CA cert to issue certificates for specific names and IP addresses
var permittedNames = new GeneralNameListBuilder()
    .AddDnsName(".mydomain.local")
    .AddEmailAddress("@mydomain.local")
    .AddIPAddress(ipAddress: "192.168.0.0", subnetMask: "255.255.255.0")
    .Create();

using var issuer = new CertificateBuilder()
    .SetFriendlyName("Example constrained root CA")
    .SetUsage(CertificateUsage.CA)
    .SetSubject(b => b.SetCommonName("Example constrained root CA"))
    .SetNotAfter(DateTimeOffset.UtcNow.AddMonths(1))
    .SetPathLength(1)
    .AddExtension(new X509NameConstraintExtension(permittedNames, null))
    .Create();

using var webCert = new CertificateBuilder()
    .SetFriendlyName("Example certificate with a CRL distribution point")
    .SetUsage(CertificateUsage.Server)
    .SetIssuer(issuer)
    .SetSubject(b => b.SetCommonName("*.mydomain.local"))
    .SetSubjectAlternativeNames(x => x.AddDnsName("*.mydomain.local"))
    //Extension specifies CRL URLs
    .AddExtension(CertificateRevocationListBuilder.BuildCrlDistributionPointExtension([$"http://crl.mydomain.local/"]))
    .Create();

CertificateFinder Examples

CertificateFinder requires the FluentCertificates.Finder package and is found under the FluentCertificates namespace.

The CertificateFinder class allows you to configure, add, and query certificate sources (stores and directories) in a fluent and immutable manner. It supports LINQ queries for flexible certificate searching.

Find a Specific Certificate by Thumbprint

The "common stores" include the CurrentUser and LocalMachine certificate stores, such as "My", "Root", "CA", etc. You can also add custom directories or other X509 stores to search for certificates.

const string thumbprint = "622A2B8374D9BBE3969B91EDBC8F5152783AFC78";

var cert = new CertificateFinder()
    .AddCommonStores()
    .FirstOrDefault(x => x.Certificate.Thumbprint.Equals(thumbprint, StringComparison.OrdinalIgnoreCase));

Find a Valid Certificate with Matching Subject, Giving Preference to Included Private Keys

var subject = new X500NameBuilder()
    .SetOrganization("My Org")
    .SetCountry("AU")
    .SetCommonName("fake.domain");

var cert = new CertificateFinder()
    .AddCommonStores()
    .Select(x => x.Certificate)
    .Where(x => x.IsValidNow())
    .OrderBy(x => !x.HasPrivateKey) //Ensure certs with private keys are listed before those without
    .FirstOrDefault(x => subject.EquivalentTo(x.SubjectName, false));

X500NameBuilder Examples

X500NameBuilder requires the FluentCertificates.Builder package and is found under the FluentCertificates namespace.

TODO: document this; see unit tests for more examples

X509Certificate2 Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

TODO: document these; see unit tests for more examples

Extension-Method Description
BuildChain
ExportAsCert
ExportAsPkcs12
ExportAsPkcs7
ExportAsPem
ToPemString
ToBase64String
GetPrivateKey
GetSignatureData
GetToBeSignedData
IsValidNow
IsValidAt
IsSelfSigned
IsIssuedBy
VerifyChain

X509Chain Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

TODO: document these

Extension-Method Description
ToCollection
ToEnumerable
ExportAsPkcs7
ExportAsPkcs12
ExportAsPem
ToPemString

X509Certificate2Collection Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

TODO: document these

Extension-Method Description
ToEnumerable
ExportAsPkcs7
ExportAsPkcs12
ExportAsPem
ToPemString

IEnumerable<X509Certificate2> Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

TODO: document these

Extension-Method Description
ToCollection
FilterPrivateKeys
ExportAsPkcs7
ExportAsPkcs12
ExportAsPem
ToPemString

AsymmetricAlgorithm Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

TODO: document these

Extension-Method Description
ToPrivateKeyPemString
ToPublicKeyPemString
ExportAsPrivateKeyPem
ExportAsPublicKeyPem

CertificateRequest Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

Extension-Method Description
ToPemString() Exports the CertificateRequest to a PEM string.
ExportAsPem(string path) Exports the CertificateRequest to the specified PEM file.
ExportAsPem(TextWriter writer) Exports the CertificateRequest in PEM format to the given TextWriter.
ConvertToBouncyCastle() Converts the CertificateRequest to a BouncyCastle Pkcs10CertificationRequest

X509Extension Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

Extension-Method Description
dnExtension.ConvertToBouncyCastle() Converts a DotNet X509Extension to a BouncyCastle X509Extension.
bcExtension.ConvertToDotNet(string oid) Converts a BouncyCastle X509Extension to a DotNet X509Extension. A DotNet X509Extension includes an OID, but a BouncyCastle one doesn't, therefore one must be supplied in the parameters here.
bcExtension.ConvertToDotNet(DerObjectIdentifier oid) Converts a BouncyCastle X509Extension to a DotNet X509Extension. A DotNet X509Extension includes an OID, but a BouncyCastle one doesn't, therefore one must be supplied in the parameters here.
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on FluentCertificates.Finder:

Package Downloads
FluentCertificates

FluentCertificates is a library using the Immutable Fluent Builder pattern for easily creating, finding/querying and exporting certificates.
Xtra.ServiceHosting.Identity

Package Description

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.13.0 351 8/26/2025
0.12.1-ci0005 199 6/4/2025
0.12.1-ci0004 196 6/4/2025
0.12.1-ci0002 188 6/4/2025
0.12.1-ci0001 198 6/3/2025
0.12.0 260 6/3/2025
0.11.1-ci0007 193 6/3/2025
0.11.0 225 5/30/2025
0.10.1-ci0019 218 5/29/2025
0.10.1-ci0018 194 5/29/2025
0.10.1-ci0017 208 5/29/2025
0.10.1-ci0016 205 5/29/2025
0.10.1-ci0010 192 5/29/2025
0.10.1-ci0008 225 5/28/2025
0.10.1-ci0001 174 11/29/2024
0.10.0 446 11/28/2024
0.9.2-ci0009 133 11/28/2024
0.9.2-ci0008 189 11/28/2024
0.9.2-ci0006 173 11/27/2024
0.9.2-ci0004 162 11/27/2024
0.9.2-ci0002 203 2/19/2024
0.9.1 810 8/11/2023
0.9.1-ci0017 281 8/11/2023
0.9.1-ci0007 278 8/11/2023
0.9.1-ci0006 336 8/11/2023
0.9.0 324 8/10/2023
0.8.1-ci0031 325 8/10/2023
0.8.1-ci0028 279 8/2/2023
0.8.1-ci0027 265 8/2/2023
0.8.1-ci0025 322 8/2/2023
0.8.1-ci0020 309 8/1/2023
0.8.1-ci0018 302 8/1/2023
0.8.1-ci0016 307 8/1/2023
0.8.0 4,327 7/7/2022
0.7.2-ci0010 402 7/7/2022
0.7.2-ci0002 396 7/6/2022
0.7.2-ci0001 379 7/6/2022
0.7.1 825 6/24/2022
0.7.1-ci0001 351 6/24/2022
0.7.0 813 6/24/2022
0.6.1-ci0002 396 6/24/2022
0.6.1-ci0001 357 6/24/2022
0.6.0 863 6/23/2022
0.5.5-ci0009 342 6/23/2022
0.5.5-ci0008 379 6/23/2022
0.5.5-ci0007 382 6/23/2022
0.5.5-ci0006 387 6/23/2022
0.5.5-ci0005 346 6/23/2022
0.5.5-ci0004 364 6/21/2022
0.5.4 807 6/20/2022
0.5.4-ci0002 384 6/20/2022
0.5.3 808 6/20/2022
0.5.3-ci0005 352 6/20/2022
0.5.3-ci0004 355 6/20/2022
0.5.3-ci0003 366 6/20/2022
0.5.2 877 6/18/2022
0.5.2-ci0001 382 6/18/2022
0.5.1 849 6/17/2022
0.5.1-ci0001 361 6/17/2022
0.5.0 770 6/17/2022
0.4.2-ci0022 387 6/17/2022
0.4.2-ci0021 362 6/17/2022
0.4.2-ci0020 343 6/17/2022
0.4.2-ci0018 350 6/17/2022
0.4.2-ci0014 345 6/16/2022
0.4.2-ci0013 354 6/16/2022
0.4.2-ci0012 368 6/16/2022
0.4.2-ci0011 358 6/16/2022
0.4.2-ci0010 343 6/16/2022
0.4.2-ci0009 381 6/16/2022
0.4.2-ci0007 322 6/16/2022
0.4.2-ci0003 399 6/15/2022
0.4.2-ci0002 370 6/15/2022
0.4.2-ci0001 355 6/10/2022
0.4.1 825 6/10/2022
0.4.1-ci0008 323 6/10/2022
0.4.1-ci0007 372 6/10/2022
0.4.1-ci0006 368 6/10/2022
0.4.1-ci0005 378 6/10/2022
0.4.1-ci0004 363 6/10/2022
0.4.1-ci0003 361 6/10/2022
0.4.1-ci0002 359 6/8/2022
0.4.1-ci0001 342 6/8/2022
0.4.0 866 6/2/2022
0.3.3-ci0001 353 6/2/2022
0.3.2 1,096 6/2/2022
0.3.2-ci0002 1,165 5/31/2022
0.3.2-ci.1 289 5/30/2022