I am having trouble with my project: when I add the client certificates to my requests (SslStream or HttpWebRequest), they end up being null on the other end of the request. Does anyone have any ideas?

Code Sample:


    public void RunClient()
    {
        string machineName = "my-loaner.myworld.local";
        string serverName = "clientmachine";
        // Get the client certificate from the store on the local machine.
        xCert = PickCertificate(StoreLocation.LocalMachine, StoreName.My);

        // Load the certificate into an X509Certificate object.
        var xCertColl = new X509CertificateCollection { xCert };

        // Create a TCP/IP client socket.
        // machineName is the host running the server application.
        TcpClient client = new TcpClient(machineName, 443);

        //Console.WriteLine("Client connected.");
        // Create an SSL stream that will close the client's stream.
        SslStream sslStream = new SslStream(
            client.GetStream(),
            true,
            new RemoteCertificateValidationCallback(ValidateServerCertificate),
            null
            );
        // The server name must match the name on the server certificate.
        try
        {
            sslStream.AuthenticateAsClient(serverName, new X509CertificateCollection(xCertColl), SslProtocols.Tls, false);
        }
        catch (AuthenticationException e)
        {
            Console.WriteLine("Exception: {0}", e.Message);
            if (e.InnerException != null)
            {
                Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
            }
            Console.WriteLine("Authentication failed - closing the connection.");
            client.Close();
            return;
        }

        byte[] messsage = Encoding.UTF8.GetBytes("GET /default.aspx?=23 HTTP/1.1\r\nHost: my-loaner.myworld.local\r\nAccept: */*\r\n\r\n");
        // Send hello message to the server.
        sslStream.Write(messsage);
        sslStream.Flush();
        StreamResponse = sslStream;
        Image2.ImageUrl = WriteRequest();
        // Read message from the server.
        // string serverMessage = ReadMessage(sslStream);
        //Console.WriteLine("Server says: {0}", serverMessage);
        // Close the client connection.
        client.Close();
        Console.WriteLine("Client closed.");
    }

    private static X509Certificate2 PickCertificate(
        StoreLocation location, StoreName name)
    {
        var store = new X509Store(name, location);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2 cert;
            if (store.Certificates.Count == 1)
                cert = store.Certificates[0];
            else
            {
                // Pick a certificate from the store.
                cert =
                    X509Certificate2UI.SelectFromCollection(
                        store.Certificates, "Caption",
                        "Message", X509SelectionFlag.SingleSelection)[0];
            }
            // Show certificate details dialog.
            // X509Certificate2UI.DisplayCertificate(cert);
            return cert;
        }
        finally { store.Close(); }
    }

Posted 10-Sep-12 9:19am
Edited 10-Sep-12 11:13am
Wes Aday94.3K
Comments
Sergey Alexandrovich Kryukov at 10-Sep-12 15:34pm
   
Hardly, because you did not supply relevant information. It does not qualify as a question, just not yet. How about a code sample? If you can do it, don't reply, just use "Improve question" above.
--SA

Solution 1

Have you enabled client certificates?

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/096519f4-3079-4571-9d28-8e5d286c5ab9.mspx?mfr=true

Some guidelines from MS:
http://support.microsoft.com/kb/901183

Also look at the following code to get an initial idea of the ICertificatePolicy interface:
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public class HttpWebRequestClientCertificateTest : ICertificatePolicy {

    // Accepts every server certificate, whatever validation error is reported.
    public bool CheckValidationResult (ServicePoint sp, X509Certificate certificate,
            WebRequest request, int error)
    {
            return true; // server certificate's CA is not known to windows.
    }

    // host replaces the undefined args[0] lookup: pass a URL to override the default.
    public void RunClient (string certficatepath, string password = null,
            string host = "https://localhost:1234/")
    {
            X509Certificate2 certificate = null;

            // Load the client certificate (and its private key) from the file.
            certificate = new X509Certificate2 (certficatepath, password);
            ServicePointManager.CertificatePolicy = new HttpWebRequestClientCertificateTest ();

            HttpWebRequest req = (HttpWebRequest) WebRequest.Create (host);
            if (certificate != null)
                    req.ClientCertificates.Add (certificate);

            // Send the request and print the response body.
            WebResponse resp = req.GetResponse ();
            Stream stream = resp.GetResponseStream ();
            StreamReader sr = new StreamReader (stream, Encoding.UTF8);
            Console.WriteLine (sr.ReadToEnd ());
    }
}
Comments
Mathlab at 14-Sep-12 9:18am
   
I took a look at your code and it does seem as if you have tested it properly before sending it; you have logical errors.

Solution 2

I had a problem with the service point manager where the certificate was not trusted on the server that I tried to access.
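
A client-side pre-flight check, added here as an example in C# (it is not code from the question or from either answer): it tests properties a certificate needs before SslStream or HttpWebRequest can use it for TLS client authentication. That any of these applies to the asker's certificate is an assumption; the class name `ClientCertPreflight` and the throwaway self-signed certificate are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertPreflight   // hypothetical helper, not part of the thread
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Returns the reasons this certificate is unlikely to work for client authentication.
    public static List<string> Check(X509Certificate2 cert, DateTime now)
    {
        var problems = new List<string>();
        if (!cert.HasPrivateKey)
            problems.Add("no private key: the handshake cannot prove possession");
        if (now < cert.NotBefore || now > cert.NotAfter)
            problems.Add("outside validity period");
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid))
            problems.Add("EKU present but lacks Client Authentication");
        return problems;
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate, not one from the question.
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-client", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid(ClientAuthOid) }, false));
            var now = DateTimeOffset.UtcNow;
            using (var withKey = req.CreateSelfSigned(now.AddDays(-1), now.AddDays(30)))
            // Re-importing only the DER certificate drops the private key.
            using (var publicOnly = new X509Certificate2(withKey.Export(X509ContentType.Cert)))
            {
                Report("with private key", Check(withKey, DateTime.Now));
                Report("public part only", Check(publicOnly, DateTime.Now));
            }
        }
    }

    static void Report(string label, List<string> problems) =>
        Console.WriteLine("{0}: {1}", label,
            problems.Count == 0 ? "ok" : string.Join("; ", problems));
}
```

After `AuthenticateAsClient` returns, `sslStream.LocalCertificate` and `sslStream.IsMutuallyAuthenticated` show on the client side whether a certificate was actually used in the handshake.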

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 2 Nov 2012