While trying to sign bytes through X509Certificate2 it was throwing exception
"System.Security.Cryptography.CryptographicException: A certificate chain could not be built to a trusted root authority""
I made an small changes and now every thing is working fine with signer.IncludeOption = X509IncludeOption.EndCertOnly;
My modified code is
Microsoft Reference
https://blogs.msdn.microsoft.com/dsnotes/2014/08/26/using-x509includeoption-to-avoid-system-security-cryptography-cryptographicexception-a-certificate-chain-could-not-be-built-to-a-trusted-root-authority/
"System.Security.Cryptography.CryptographicException: A certificate chain could not be built to a trusted root authority""
I made an small changes and now every thing is working fine with signer.IncludeOption = X509IncludeOption.EndCertOnly;
My modified code is
private static byte[] Sign(byte[] data, X509Certificate2 certificate) { if (data == null) throw new ArgumentNullException("data"); if (certificate == null) throw new ArgumentNullException("certificate"); X509Chain ch = new X509Chain(); ch.Build(certificate); // setup the data to sign System.Security.Cryptography.Pkcs.ContentInfo content = new System.Security.Cryptography.Pkcs.ContentInfo(data); SignedCms signedCms = new SignedCms(content, false); CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, certificate); signer.IncludeOption = X509IncludeOption.EndCertOnly;// Use if Error: A certificate chain could not be built to a trusted root authority. // create the signature signedCms.ComputeSignature(signer); return signedCms.Encode(); }
Microsoft Reference
https://blogs.msdn.microsoft.com/dsnotes/2014/08/26/using-x509includeoption-to-avoid-system-security-cryptography-cryptographicexception-a-certificate-chain-could-not-be-built-to-a-trusted-root-authority/