/// <summary>
/// Create an application certificate with the specified SubjectAltName.
/// </summary>
/// <param name="PKIXUse">Bit mask specifying certificate uses.</param>
/// <param name="SubjectAltName">The subjectAltName. Must be a DNS domain name
/// or a RFC822 email address.</param>
/// <param name="Signer">The signing key (which must have an attached certificate).</param>
public void SignCertificate(Application PKIXUse, string SubjectAltName, PublicKey Signer) {
//NB it is essential that the assignment to the Certificate property
//takes place AFTER the cert is signed. Otherwise the value of X509Certificate
// is not set correctly.
var NewCert = new Certificate(_KeyPair, PKIXUse, SubjectAltName, SubjectAltName);
NewCert.Sign(Signer.Certificate);
Certificate = NewCert;
}