Generating Self Signed Certificates For Unit Testing In C#

I recently wrote a piece of code that used a self signed certificate to then sign a web request. All went well until it came to unit testing this particular piece of code. I (incorrectly) assumed that I could just write something like so :

var certificate = new X509Certificate2();

And on the face of it, it works. But as soon as the certificate actually starts getting used, there is a lot of internals that suddenly break at runtime.

Luckily there’s actually a simple solution. We can generate our own self signed certificate, and simply “hard code” it in code to be used anywhere we need a certificate.

Generating The Self Signed Certificate Using Powershell

To get this working, we need to use Powershell. If you are on a non-windows machine, then you’ll need to work out how to generate a self signed cert (And get the Base64 encoded string) yourself, and then skip to step 2.

Back to powershell. In an *Administrator* powershell prompt, run the following :

New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname MySelfSignedCertificate -NotAfter (Get-Date).AddYears(10)

Note that this generates a certificate and installs it into your local machine (Which you can later remove). I couldn’t find a way in powershell to generate the certificate and *immediately* export it without having to first install it into a store location.

The result of this action should print a thumbprint. Save the thumbprint into a notepad because we’ll need it shortly.

The next piece of powershell we need to run is the following :

$password = ConvertTo-SecureString -String "Password" -Force -AsPlainText
Export-PfxCertificate -cert cert:\localMachine\my\{YOURTHUMBPRINTHERE} -FilePath $env:USERPROFILE\Desktop\MySelfSignedCertificate.pfx -Password $password

It creates a secure password (Change if you like but remember it!), and exports the certificate to your desktop as a pfx file. Almost there!

Finally, CD to your desktop and run :

$pfx_cert = get-content 'MySelfSignedCertificate.pfx' -Encoding Byte
$base64 = [System.Convert]::ToBase64String($pfx_cert)
Write-Host $base64

This will read the certificate from your local machine, and print out a long string as Base64. Save this into notepad and move onto the next step.

Loading Your Base64 Encoded Certificate

Once you have the certificate as a Base64 string, then actually, the rest is easy. Here’s the C# code you need.

public static X509Certificate2 GetClientTestingCertificate()
    string certificateString = "PUTYOURCERTIFICATESTRINGINHERE";
    var privateKeyBytes = Convert.FromBase64String(certificateString);
    var pfxPassword = "Password";
    return new X509Certificate2(privateKeyBytes, pfxPassword);

And that’s literally it. You will now be using a real certificate that doesn’t need to be installed on every single machine for unit tests to run.

I do want to stress that in most cases, this is purely for unit tests. You should not do this if you actually intend to be signing requests or using a certificate in any other “real” way. Unit tests only!

Cleaning Up (Windows)

If you followed the above steps to generate a certificate, then you’ll also want to go and delete your testing certificate from your local store. To do so, simply open MMC, view your certificate stores for your local computer, and delete the certificate named “MySelfSignedCertificate”.

Join over 3.000 subscribers who are receiving our weekly post digest, a roundup of this weeks blog posts.
We hate spam. Your email address will not be sold or shared with anyone else.

Leave a Reply

Your email address will not be published. Required fields are marked *