How do I deal with X509Certificate2 in XUnit tests?

I'm working on writing XUnit tests for my application, and I need to deal with X509Certificates. The challenge I'm facing is that it's not possible to create a mock of the X509Certificate2 in .NET. As a result, I'm exploring alternative approaches to effectively handle X509Certificates in my test environment.

I have considered building a wrapper around X509Certificate2 or using libraries like Certes, CertificateManager, or BouncyCastle. My goal is to find a solution that strikes a balance between simplicity, performance, and maintainability.

To give you a better idea, here's an example of the wrapper I'm considering:

public interface ICertificate : IDisposable
{
    string Subject { get; }
    string Thumbprint { get; }
    DateTime NotBefore { get; }
    DateTime NotAfter { get; }
    
    X509Certificate2 Export();
}

public class Certificate : ICertificate
{
    private readonly X509Certificate2 _certificate;

    public Certificate(byte[] rawData)
    {
        _certificate = new X509Certificate2(rawData);
    }

    public string Subject => _certificate.Subject;
    public string Thumbprint => _certificate.Thumbprint;
    public DateTime NotBefore => _certificate.NotBefore;
    public DateTime NotAfter => _certificate.NotAfter;

    public X509Certificate2 Export()
    {
        return new X509Certificate2(_certificate);
    }

    public void Dispose()
    {
        _certificate.Dispose();
    }
}

Given the limitations of mocking X509Certificate2, I am leaning towards building this wrapper. However, I'm unsure if it's the best approach or if utilizing one of the mentioned libraries (Certes, CertificateManager, or BouncyCastle) would be a smarter choice.

If you have experience or insights regarding how to deal with X509Certificates in XUnit tests efficiently, I would greatly appreciate your advice. Additionally, if there are any pros and cons I should be aware of for each approach, please share them. Thank you in advance for your help!

One way to resolve the issue can be done by the following:

First, generate a certificate using makecert.
Add the certificate to the project (app_data etc.) and then change Build Action to Embedded Resource.

Finally, load the certificate like below:

byte[] localCertificate;
Assembly thisAssembly = Assembly.GetAssembly(typeof(MyType));
using (Stream certStream = thisAssembly.GetManifestResourceStream("YourProjectName.localhost.pfx"))
{
  localCertificate = new byte[certStream.Length];
  certStream.Read(embeddedCert, 0, (int)certStream.Length);
}

_signingCert = new X509Certificate2(localCertificate, "password");

This will give you a local certificate and can use it to write unit tests.