CertificateRequest.CreateSigningRequest() - Where is the private key?

I'm trying to create a simpleish single-form VB.Net app that creates Certificate Signing Requests (CSRs) for signing by a Cert Authority (CA), and subsequent use on domain websites.

I've managed to get that much working, and the CA likes the CSRs my app creates (they parse as valid).

BUT, I don't seem to have the private key, rendering the signed certificate useless to me.

My code, reduced to the relevant bits:

Dim Subject As String = $"CN={CN},OU={OU},O={O},L={L},ST={ST},C={C}"
Dim MyRSA As RSA = RSA.Create(iKeyLen)
Dim CrtReq As New CertificateRequest(Subject, MyRSA, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1)

' ...Bunch of stuff to get bSanPayload...

CrtReq.CertificateExtensions.Add(New X509Extension("Subject Alternative Name", bSanPayload, True))

Dim CSR() As Byte = CrtReq.CreateSigningRequest()
Dim B64 As String = System.Convert.ToBase64String(CSR)

' ...then take B64, format in columns, add CSR header and footer, etc...

Thing is, even though I can get a valid, CA-signed certificate after doing this, the associated private key is... nowhere. I feel like I should be setting up the RSA differently, but to borrow the expression, I don't know what I don't know. MS's article on CreateSigningRequest() doesn't say anything about placing an unsigned copy in "Certificate Enrollment Requests," or how to match up the signed certificate to a private key.

How do I set this up correctly, so that I have the private key available for certificate installation and use?

There are 0 answers
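
An added example, not part of the original post: the CSR carries only the public key, so the private key has to be exported from the RSA object before it is disposed, then paired with the certificate the CA returns. It assumes .NET 5 or later and a PEM-encoded certificate from the CA; `ToPem`, `CreateRequest`, `BuildPfx`, the file names and the subject are hypothetical, and `SubjectAlternativeNameBuilder` stands in for the post's `bSanPayload`.

```vbnet
Imports System.IO
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.Text

Module CsrWithKey
    ' Wrap DER bytes in a PEM envelope with 64-character lines.
    Function ToPem(label As String, der As Byte()) As String
        Dim b64 As String = Convert.ToBase64String(der)
        Dim sb As New StringBuilder()
        sb.AppendLine($"-----BEGIN {label}-----")
        For i As Integer = 0 To b64.Length - 1 Step 64
            sb.AppendLine(b64.Substring(i, Math.Min(64, b64.Length - i)))
        Next
        sb.AppendLine($"-----END {label}-----")
        Return sb.ToString()
    End Function

    ' Step 1: generate the key pair, then write the CSR and the private key.
    Sub CreateRequest(subject As String, dnsName As String, keyBits As Integer, csrPath As String, keyPath As String)
        Using rsaKey As RSA = RSA.Create(keyBits)
            Dim req As New CertificateRequest(subject, rsaKey, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1)
            Dim san As New SubjectAlternativeNameBuilder()
            san.AddDnsName(dnsName)
            req.CertificateExtensions.Add(san.Build())
            File.WriteAllText(csrPath, ToPem("CERTIFICATE REQUEST", req.CreateSigningRequest()))
            ' The private half exists only inside rsaKey and is gone after Dispose
            ' unless it is exported here. This writes unencrypted PKCS#8, so restrict
            ' the file's ACL to the account that will install the certificate.
            File.WriteAllText(keyPath, ToPem("PRIVATE KEY", rsaKey.ExportPkcs8PrivateKey()))
        End Using
    End Sub

    ' Step 2: once the CA returns the signed certificate, pair it with the saved key.
    ' CreateFromPemFile throws if the key does not match the certificate's public key.
    Sub BuildPfx(certPath As String, keyPath As String, pfxPath As String, pfxPassword As String)
        Using certWithKey As X509Certificate2 = X509Certificate2.CreateFromPemFile(certPath, keyPath)
            File.WriteAllBytes(pfxPath, certWithKey.Export(X509ContentType.Pfx, pfxPassword))
        End Using
    End Sub

    Sub Main()
        ' Constructed sample values, not taken from the post.
        CreateRequest("CN=www.example.test,O=Example,C=US", "www.example.test", 3072, "request.csr", "private.key")
        ' After the CA signs request.csr: BuildPfx("signed.pem", "private.key", "site.pfx", pfxPassword)
    End Sub
End Module
```

The resulting PFX holds the certificate and key together under a password, so the plaintext key file can be deleted once the PFX has been imported.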