Test Tool: Certificate Generator

At work I do most of my Automation and tool development in C#.NET and PowerShell. To reduce dependency sprawl I code some things myself in C# when there may be existing utilities that perform a similar function (but in another language or that require cumbersome installation/setup, etc...). In this way I can keep things simple and more maintainable as the automation team grows and I work with additional engineers (I'm a team of 1 right now :) )

This Self Signed Certificate Generator tool is one piece of a systems level test I am performing on an  Encryption Management product. As I've developed this Certificate Generator on my own time I feel comfortable sharing the project on my personal page.

The idea behind this tool is to make it simple to generate many certificates in DER or PKCS12 containers. I will be expanding the tool over time to allow for additional features- for now it's good enough for me.

Read on for details.

Note: The download link is at the bottom of the page


The C# Certificate Generator is a system test tool for Encryption Management products. While there are MANY ways one can generate a certificate out there (Scripts, MS command line tools, OpenSSL, etc...) I wrote it with a few goals in mind:

  1. Keep it generic enough so I can alter it to integrate with the product I'm system testing at work (C# based product)
  2. Gain a greater understanding of the APIs provided by BouncyCastle
  3. Eliminate Dependencies on scripting languages, erratic command line tools and OpenSSL (I'll look into OpenSSL when I need a non-managed code solution)

For an effective systems level test of the product I work on during daylight hours I need many Tens of thousands of certificates with and without private keys with varying bit lengths and expiration times. This tool hits all of my critical needs and is expandable enough for me to add on additional features as required.

Certificate Generator is licensed under the same license as Bouncy Castle (You can read it here). As such it is Open Source Software.


System Requirements

  • Microsoft .NET 4.0
  • Visual Studio C# Express 2010 (If you want to build the source code)
  • A reasonably quick computer (If you are generating certificates > 1024 bit)

How to use the tool

  1. Open the EXE found in 
  2. Configure the settings
    1. Common Name Prefix lets you specify the 'base' name of the certificate. A number gets appended onto the end of the prefix so you always have a unique cert
    2. Quantity lets you specify how many certificates you want to create at one time.

    3. Certificate Type lets you pick the 'Container' type for the cert. DER and PKCS12 are the only options right now. Use PKCS12 if you want to preserve the private key

    4. Password is only available when creating PKCS12 housed certificates. It has no bearing on DER (greyed out when DER is selected).

    5. Bit Strength is the bit strength of the keys associated with the certificate. The lowest you can go is 361bits (otherwise Bouncy Castle crashes)

    6. Hash Type lets you pick the hash. I just list all the available hash types. This has not been thoroughly tested- the algorithms I'm interested in all seem to work fine, though.

    7. Valid From is self explanatory. What is the earliest date that the certificate is good?

    8. Valid To is straight forward as well. When should the cert expire?

    9. Output lets you specify where you want all these certs to go after they are generated
  3. The Help / about link will take you to this article



  • The tool is currently single-threaded. That will probably change as I find a bit more time after the Holiday (Today is 4th of July and I'm busy) 
  • There currently isn't much error handling in the code. If you enter something invalid you will probably see an "Unhandled Exception" dialog
  • Currently the tool is limited to generating Self Signed Certificates. That will be changing in a later release
  • The Bouncy Castle source code is directly referenced within the project (So I can compile down to a single executable without DLLs hanging around)



Download the Certificate Generator (In 7Zip format to save on bandwidth charges)

Note 0: Updated on 9-July-2012 to cleanup some testing code 

Note: Antivirus software may not like this tool even though it has legitimate uses (Lacks code signing). For best results, build the source code using Visual C# 2010 Express (microsoft.com). This will give you the opportunity to inspect & improve upon the code.

If you make an improvement (or have a suggested feature), let me know in the comments! :)