FluentCertificates.Finder 0.12.1-ci0004

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher.
This is a prerelease version of FluentCertificates.Finder.
There is a newer prerelease version of this package available.
See the version list below for details. 
dotnet add package FluentCertificates.Finder --version 0.12.1-ci0004
                    


                    

                
NuGet\Install-Package FluentCertificates.Finder -Version 0.12.1-ci0004
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="FluentCertificates.Finder" Version="0.12.1-ci0004" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="FluentCertificates.Finder" Version="0.12.1-ci0004" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="FluentCertificates.Finder" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add FluentCertificates.Finder --version 0.12.1-ci0004
                    


                    

                
#r "nuget: FluentCertificates.Finder, 0.12.1-ci0004"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#addin nuget:?package=FluentCertificates.Finder&version=0.12.1-ci0004&prerelease
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=FluentCertificates.Finder&version=0.12.1-ci0004&prerelease
                    


                            Install as a Cake Tool

📖 FluentCertificates Overview

⚠️ Note: while version numbers are v0.x.y, this software is under initial development and there there may be breaking-changes in its API between minor versions. ⚠️

NuGet Build & Publish GitHub license

FluentCertificates is a library using the Immutable Fluent Builder pattern for easily creating, finding, and exporting certificates. It makes it simple to generate your own certificate chains or just stand-alone self-signed certificates.

NuGet Packages

This project is published in several NuGet packages:

Documentation is incomplete. More examples can be found in the project's unit tests.

CertificateBuilder Examples

CertificateBuilder requires the FluentCertificates.Builder package and is found under the FluentCertificates namespace.

Minimum Example

The absolute minimum needed to create a certificate, whether it's useful or not.

using var cert = new CertificateBuilder().Create();

Create a Certificate Signing Request

For signing, exporting and passing to a 3rd party CA.

//A public & private keypair must be created first, outside of the CertificateBuilder, otherwise you'd have no way to retrieve the private-key used for the new CertificateSigningRequest object
using var keys = RSA.Create();

//Creating a CertificateSigningRequest
var csr = new CertificateBuilder()
    .SetUsage(CertificateUsage.Server)
    .SetSubject(b => b.SetCommonName("*.fake.domain"))
    .SetSubjectAlternativeNames(x => x.AddDnsNames("*.fake.domain", "fake.domain"))
    .SetKeyPair(keys)
    .CreateCertificateSigningRequest();

//The CertificateRequest object is accessible here:
var certRequest = csr.CertificateRequest;

//CSR can be exported to a string
Console.WriteLine(csr.ToPemString());

//Or to a file or StringWriter instance
csr.ExportAsPem("csr.pem");

Build a Self-Signed Web Server Certificate

Using the fluent style:

using var webCert = new CertificateBuilder()
    .SetFriendlyName("Example self-signed web-server certificate")
    .SetUsage(CertificateUsage.Server)
    .SetSubject(b => b.SetCommonName("*.fake.domain"))
    .SetSubjectAlternativeNames(x => x.AddDnsNames("*.fake.domain", "fake.domain"))
    .SetNotAfter(DateTimeOffset.UtcNow.AddMonths(1))
    .Create();

Or alternatively using object initializers (other examples will use fluent style from now on though):

var builder = new CertificateBuilder() {
    FriendlyName = "Example self-signed web-server certificate",
    Usage = CertificateUsage.Server,
    Subject = new X500NameBuilder().SetCommonName("*.fake.domain"),
    SubjectAlternativeNames = new GeneralNameListBuilder().AddDnsNames("*.fake.domain", "fake.domain"),
    NotAfter = DateTimeOffset.UtcNow.AddMonths(1)
};
using var webCert = builder.Create();

Build a Certificate Authority (CA)

//A CA's expiry date must be later than that of any certificates it will issue
using var issuer = new CertificateBuilder()
    .SetFriendlyName("Example root CA")
    .SetUsage(CertificateUsage.CA)
    .SetSubject(b => b.SetCommonName("Example root CA"))
    .SetNotAfter(DateTimeOffset.UtcNow.AddYears(100))
    .Create();

Build a Client-Auth Certificate Signed by a CA

//Note: the 'issuer' certificate used must have a private-key attached in order to sign this new certificate
using var clientAuthCert = new CertificateBuilder()
    .SetFriendlyName("Example client-auth certificate")
    .SetUsage(CertificateUsage.Client)
    .SetSubject(b => b.SetCommonName("User: Michael"))
    .SetNotAfter(DateTimeOffset.UtcNow.AddYears(1))
    .SetIssuer(issuer)
    .Create();

Advanced: Certificate with Customized Extensions

using var customCert = new CertificateBuilder()
    .SetFriendlyName("Example certificate with customized extensions")
    .SetSubject(b => b.SetCommonName("Example certificate with customized extensions"))
    .AddExtension(new X509BasicConstraintsExtension(false, false, 0, true))
    .AddExtension(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DataEncipherment, true))
    .AddExtension(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid(Oids.AnyExtendedKeyUsage) }, false))
    .SetIssuer(issuer)
    .Create();

Advanced: Certificates with Custom Name Constraints and CRL Distribution Points

//Permit the CA cert to issue certificates for specific names and IP addresses
var permittedNames = new GeneralNameListBuilder()
    .AddDnsName(".mydomain.local")
    .AddEmailAddress("@mydomain.local")
    .AddIPAddress(ipAddress: "192.168.0.0", subnetMask: "255.255.255.0")
    .Create();

using var issuer = new CertificateBuilder()
    .SetFriendlyName("Example constrained root CA")
    .SetUsage(CertificateUsage.CA)
    .SetSubject(b => b.SetCommonName("Example constrained root CA"))
    .SetNotAfter(DateTimeOffset.UtcNow.AddMonths(1))
    .SetPathLength(1)
    .AddExtension(new X509NameConstraintExtension(permittedNames, null))
    .Create();

using var webCert = new CertificateBuilder()
    .SetFriendlyName("Example certificate with a CRL distribution point")
    .SetUsage(CertificateUsage.Server)
    .SetIssuer(issuer)
    .SetSubject(b => b.SetCommonName("*.mydomain.local"))
    .SetSubjectAlternativeNames(x => x.AddDnsName("*.mydomain.local"))
    //Extension specifies CRL URLs
    .AddExtension(CertificateRevocationListBuilder.BuildCrlDistributionPointExtension([$"http://crl.mydomain.local/"]))
    .Create();

CertificateFinder Examples

CertificateFinder requires the FluentCertificates.Finder package and is found under the FluentCertificates namespace.

The CertificateFinder class allows you to configure, add, and query certificate sources (stores and directories) in a fluent and immutable manner. It supports LINQ queries for flexible certificate searching.

Find a Specific Certificate by Thumbprint

The "common stores" include the CurrentUser and LocalMachine certificate stores, such as "My", "Root", "CA", etc. You can also add custom directories or other X509 stores to search for certificates.

const string thumbprint = "622A2B8374D9BBE3969B91EDBC8F5152783AFC78";

var cert = new CertificateFinder()
    .AddCommonStores()
    .FirstOrDefault(x => x.Certificate.Thumbprint.Equals(thumbprint, StringComparison.OrdinalIgnoreCase));

Find a Valid Certificate with Matching Subject, Giving Preference to Included Private Keys

var subject = new X500NameBuilder()
    .SetOrganization("My Org")
    .SetCountry("AU")
    .SetCommonName("fake.domain");

var cert = new CertificateFinder()
    .AddCommonStores()
    .Select(x => x.Certificate)
    .Where(x => x.IsValidNow())
    .OrderBy(x => !x.HasPrivateKey) //Ensure certs with private keys are listed before those without
    .FirstOrDefault(x => subject.EquivalentTo(x.SubjectName, false));

X500NameBuilder Examples

X500NameBuilder requires the FluentCertificates.Builder package and is found under the FluentCertificates namespace.

TODO: document this; see unit tests for more examples

X509Certificate2 Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

TODO: document these; see unit tests for more examples

Extension-Method Description
BuildChain
ExportAsCert
ExportAsPkcs12
ExportAsPkcs7
ExportAsPem
ToPemString
ToBase64String
GetPrivateKey
GetSignatureData
GetToBeSignedData
IsValidNow
IsValidAt
IsSelfSigned
IsIssuedBy
VerifyChain

X509Chain Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

TODO: document these

Extension-Method Description
ToCollection
ToEnumerable
ExportAsPkcs7
ExportAsPkcs12
ExportAsPem
ToPemString

X509Certificate2Collection Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

TODO: document these

Extension-Method Description
ToEnumerable
ExportAsPkcs7
ExportAsPkcs12
ExportAsPem
ToPemString

IEnumerable<X509Certificate2> Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

TODO: document these

Extension-Method Description
ToCollection
FilterPrivateKeys
ExportAsPkcs7
ExportAsPkcs12
ExportAsPem
ToPemString

AsymmetricAlgorithm Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

TODO: document these

Extension-Method Description
ToPrivateKeyPemString
ToPublicKeyPemString
ExportAsPrivateKeyPem
ExportAsPublicKeyPem

CertificateRequest Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

Extension-Method Description
ToPemString() Exports the CertificateRequest to a PEM string.
ExportAsPem(string path) Exports the CertificateRequest to the specified PEM file.
ExportAsPem(TextWriter writer) Exports the CertificateRequest in PEM format to the given TextWriter.
ConvertToBouncyCastle() Converts the CertificateRequest to a BouncyCastle Pkcs10CertificationRequest

X509Extension Extension Methods

These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates namespace.

Extension-Method Description
dnExtension.ConvertToBouncyCastle() Converts a DotNet X509Extension to a BouncyCastle X509Extension.
bcExtension.ConvertToDotNet(string oid) Converts a BouncyCastle X509Extension to a DotNet X509Extension. A DotNet X509Extension includes an OID, but a BouncyCastle one doesn't, therefore one must be supplied in the parameters here.
bcExtension.ConvertToDotNet(DerObjectIdentifier oid) Converts a BouncyCastle X509Extension to a DotNet X509Extension. A DotNet X509Extension includes an OID, but a BouncyCastle one doesn't, therefore one must be supplied in the parameters here.
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on FluentCertificates.Finder:

Package Downloads
FluentCertificates

FluentCertificates is a library using the Immutable Fluent Builder pattern for easily creating, finding/querying and exporting certificates.
Xtra.ServiceHosting.Identity

Package Description

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.12.1-ci0005 122 6/4/2025
0.12.1-ci0004 126 6/4/2025
0.12.1-ci0002 128 6/4/2025
0.12.1-ci0001 137 6/3/2025
0.12.0 141 6/3/2025
0.11.1-ci0007 133 6/3/2025
0.11.0 142 5/30/2025
0.10.1-ci0019 140 5/29/2025
0.10.1-ci0018 135 5/29/2025
0.10.1-ci0017 134 5/29/2025
0.10.1-ci0016 143 5/29/2025
0.10.1-ci0010 139 5/29/2025
0.10.1-ci0008 137 5/28/2025
0.10.1-ci0001 99 11/29/2024
0.10.0 306 11/28/2024
0.9.2-ci0009 87 11/28/2024
0.9.2-ci0008 107 11/28/2024
0.9.2-ci0006 110 11/27/2024
0.9.2-ci0004 100 11/27/2024
0.9.2-ci0002 139 2/19/2024
0.9.1 661 8/11/2023
0.9.1-ci0017 206 8/11/2023
0.9.1-ci0007 199 8/11/2023
0.9.1-ci0006 232 8/11/2023
0.9.0 246 8/10/2023
0.8.1-ci0031 225 8/10/2023
0.8.1-ci0028 208 8/2/2023
0.8.1-ci0027 186 8/2/2023
0.8.1-ci0025 219 8/2/2023
0.8.1-ci0020 227 8/1/2023
0.8.1-ci0018 195 8/1/2023
0.8.1-ci0016 210 8/1/2023
0.8.0 3,833 7/7/2022
0.7.2-ci0010 278 7/7/2022
0.7.2-ci0002 271 7/6/2022
0.7.2-ci0001 254 7/6/2022
0.7.1 715 6/24/2022
0.7.1-ci0001 227 6/24/2022
0.7.0 705 6/24/2022
0.6.1-ci0002 268 6/24/2022
0.6.1-ci0001 239 6/24/2022
0.6.0 733 6/23/2022
0.5.5-ci0009 245 6/23/2022
0.5.5-ci0008 241 6/23/2022
0.5.5-ci0007 257 6/23/2022
0.5.5-ci0006 256 6/23/2022
0.5.5-ci0005 236 6/23/2022
0.5.5-ci0004 259 6/21/2022
0.5.4 702 6/20/2022
0.5.4-ci0002 250 6/20/2022
0.5.3 700 6/20/2022
0.5.3-ci0005 255 6/20/2022
0.5.3-ci0004 260 6/20/2022
0.5.3-ci0003 235 6/20/2022
0.5.2 754 6/18/2022
0.5.2-ci0001 249 6/18/2022
0.5.1 737 6/17/2022
0.5.1-ci0001 225 6/17/2022
0.5.0 658 6/17/2022
0.4.2-ci0022 251 6/17/2022
0.4.2-ci0021 249 6/17/2022
0.4.2-ci0020 231 6/17/2022
0.4.2-ci0018 250 6/17/2022
0.4.2-ci0014 233 6/16/2022
0.4.2-ci0013 256 6/16/2022
0.4.2-ci0012 260 6/16/2022
0.4.2-ci0011 232 6/16/2022
0.4.2-ci0010 235 6/16/2022
0.4.2-ci0009 261 6/16/2022
0.4.2-ci0007 217 6/16/2022
0.4.2-ci0003 267 6/15/2022
0.4.2-ci0002 262 6/15/2022
0.4.2-ci0001 244 6/10/2022
0.4.1 720 6/10/2022
0.4.1-ci0008 230 6/10/2022
0.4.1-ci0007 260 6/10/2022
0.4.1-ci0006 268 6/10/2022
0.4.1-ci0005 264 6/10/2022
0.4.1-ci0004 252 6/10/2022
0.4.1-ci0003 250 6/10/2022
0.4.1-ci0002 249 6/8/2022
0.4.1-ci0001 228 6/8/2022
0.4.0 731 6/2/2022
0.3.3-ci0001 238 6/2/2022
0.3.2 943 6/2/2022
0.3.2-ci0002 948 5/31/2022
0.3.2-ci.1 198 5/30/2022