Add notice that MD5 and SHA-1 are not supported for CertificateRequest (#3812)

* Add notice that MD5 and SHA-1 are not supported for CertificateRequest

* Fix bad copy/paste in CreateSigningRequest remark

Author: bartonjs

xml/System.Security.Cryptography.X509Certificates/CertificateRequest.xml

@@ -348,7 +348,16 @@
         <param name="serialNumber">The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned integer of arbitrary size in big-endian byte ordering. <see href="https://tools.ietf.org/html/rfc3280#section-4.1.2.2">RFC 3280</see> recommends confining it to 20 bytes or less.</param>
         <summary>Creates a certificate using the established subject, key, and optional extensions using the specified certificate as the issuer.</summary>
         <returns>An <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2" /> object with the specified values. The returned object won't assert <see cref="P:System.Security.Cryptography.X509Certificates.X509Certificate2.HasPrivateKey" />.</returns>
-        <remarks>To be added.</remarks>
+        <remarks>
+          <format type="text/markdown"><![CDATA[  
+
+## Remarks
+
+This method does not support using MD5 or SHA-1 as the hash algorithm for the certificate signature.
+If you need an MD5 or SHA-1 based certificate signature, you need to implement a custom <xref:System.Security.Cryptography.X509Certificates.X509SignatureGenerator> and call <xref:System.Security.Cryptography.X509Certificates.CertificateRequest.Create(System.Security.Cryptography.X509Certificates.X500DistinguishedName,System.Security.Cryptography.X509Certificates.X509SignatureGenerator,System.DateTimeOffset,System.DateTimeOffset,System.Byte[])>.
+
+ ]]></format>
+        </remarks>
         <exception cref="T:System.ArgumentNullException">
           <paramref name="issuerCertificate" /> is <see langword="null" />.</exception>
         <exception cref="T:System.ArgumentException">The <paramref name="issuerCertificate" /> doesn't contain a private key.
@@ -370,6 +379,7 @@ The type of signing key represented by <paramref name="issuerCertificate" /> cou
 <paramref name="issuerCertificate" /> has a different key algorithm than the requested certificate.</exception>
         <exception cref="T:System.InvalidOperationException">
           <paramref name="issuerCertificate" /> is an RSA certificate and the current object was created using a constructor that doesn't accept a <paramref name="padding" /> parameter.</exception>
+        <exception cref="T:System.ArgumentOutOfRangeException">The <see cref="P:System.Security.Cryptography.X509Certificates.CertificateRequest.HashAlgorithm"/> property value is not supported.</exception>
       </Docs>
     </Member>
     <Member MemberName="Create">
@@ -462,11 +472,21 @@ The type of signing key represented by <paramref name="issuerCertificate" /> cou
         <param name="notAfter">The date and time when this certificate is no longer considered valid.</param>
         <summary>Creates a self-signed certificate using the established subject, key, and optional extensions.</summary>
         <returns>An <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2" /> object with the specified values. The returned object will assert <see cref="P:System.Security.Cryptography.X509Certificates.X509Certificate2.HasPrivateKey" />.</returns>
-        <remarks>To be added.</remarks>
+        <remarks>
+          <format type="text/markdown"><![CDATA[  
+
+## Remarks
+
+This method does not support using MD5 or SHA-1 as the hash algorithm for the certificate signature.
+If you need an MD5 or SHA-1 based certificate signature, you need to implement a custom <xref:System.Security.Cryptography.X509Certificates.X509SignatureGenerator> and call <xref:System.Security.Cryptography.X509Certificates.CertificateRequest.Create(System.Security.Cryptography.X509Certificates.X500DistinguishedName,System.Security.Cryptography.X509Certificates.X509SignatureGenerator,System.DateTimeOffset,System.DateTimeOffset,System.Byte[])>.
+
+ ]]></format>
+        </remarks>
         <exception cref="T:System.ArgumentException">
           <paramref name="notAfter" /> represents a date and time that happens earlier than <paramref name="notBefore" />.</exception>
         <exception cref="T:System.InvalidOperationException">The current object was created using a constructor that doesn't accept a signing key.</exception>
         <exception cref="T:System.Security.Cryptography.CryptographicException">An error occurs during the certificate creation process.</exception>
+        <exception cref="T:System.ArgumentOutOfRangeException">The <see cref="P:System.Security.Cryptography.X509Certificates.CertificateRequest.HashAlgorithm"/> property value is not supported.</exception>
       </Docs>
     </Member>
     <MemberGroup MemberName="CreateSigningRequest">
@@ -511,6 +531,9 @@ The type of signing key represented by <paramref name="issuerCertificate" /> cou
   
 ## Remarks  
 
+This method does not support using MD5 or SHA-1 as the hash algorithm for the signing request signature.
+If you need an MD5 or SHA-1 based signing request, you need to implement a custom <xref:System.Security.Cryptography.X509Certificates.X509SignatureGenerator> and call <xref:System.Security.Cryptography.X509Certificates.CertificateRequest.CreateSigningRequest(System.Security.Cryptography.X509Certificates.X509SignatureGenerator)>.
+
 When submitting a certificate signing request via a web browser, or other graphical or textual
 interface, the input is frequently expected to be in the Privacy Enhanced Mail (PEM) format,
 instead of the DER binary format. To convert the return value to PEM format, make a string
@@ -546,6 +569,7 @@ public static string PemEncodeSigningRequest(CertificateRequest request, PkcsSig
  ]]></format>
         </remarks>
         <exception cref="T:System.InvalidOperationException">The current object was created using a constructor that doesn't accept a signing key.</exception>
+        <exception cref="T:System.ArgumentOutOfRangeException">The <see cref="P:System.Security.Cryptography.X509Certificates.CertificateRequest.HashAlgorithm"/> property value is not supported.</exception>
       </Docs>
     </Member>
     <Member MemberName="CreateSigningRequest">