如何用BouncyCastle在Net8上生成自签名证书？

private AsymmetricCipherKeyPair GenerateKeyPair() { var generator = new RsaKeyPairGenerator(); generator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048)); return generator.GenerateKeyPair(); } private X509Certificate GenerateRootCertificate(AsymmetricCipherKeyPair keyPair, string subject, string[] ipAddresses) { Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WithRSA", keyPair.Private, null); var certGenerator = new X509V3CertificateGenerator(); certGenerator.SetSerialNumber(BigInteger.ValueOf(DateTime.Now.Ticks)); certGenerator.SetIssuerDN(new X509Name(subject)); certGenerator.SetSubjectDN(new X509Name(subject)); certGenerator.SetNotBefore(DateTime.UtcNow); certGenerator.SetNotAfter(DateTime.UtcNow.AddYears(1)); List<Asn1Encodable> asn1Encodables = new List<Asn1Encodable>(); foreach (var ipAddress in ipAddresses) { asn1Encodables.Add(new GeneralName(GeneralName.IPAddress, ipAddress)); } certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, new DerSequence(new Asn1EncodableVector([.. asn1Encodables]))); certGenerator.SetPublicKey(keyPair.Public); var cert = certGenerator.Generate(signatureFactory); return cert; } private X509Certificate GenerateCertificate(AsymmetricCipherKeyPair keyPair, X509Certificate issuerCert, AsymmetricKeyParameter issuerKey, string subject, string[] ipAddresses) { Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WithRSA", issuerKey, null); var certGenerator = new X509V3CertificateGenerator(); certGenerator.SetSerialNumber(BigInteger.ValueOf(DateTime.Now.Ticks)); certGenerator.SetIssuerDN(issuerCert.SubjectDN); certGenerator.SetSubjectDN(new X509Name(subject)); certGenerator.SetNotBefore(DateTime.UtcNow); certGenerator.SetNotAfter(DateTime.UtcNow.AddYears(1)); certGenerator.Set