Click here to Skip to main content
15,877,168 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I'm trying to connect to a server coded using C++ and an openssl wrapper. I'm using C#. The server has provided me with:
1. A certificate (.crt - header of "-----BEGIN TRUSTED CERTIFICATE-----")
2. A private, encrypted key (.key - header of "-----BEGIN ENCRYPTED PRIVATE KEY-----"). This key is reported to be an AES 256 CBC encrypted key.
3. A ca-chain.pem file containing two "-----BEGIN TRUSTED CERTIFICATE-----" headers.

I cannot for the life of me figure out how to generate an X509Certificate2 object to provide in the SslStream.BeginAuthenticateAsClient call. Being a novice at secure sockets, I'm not familiar with how to use the chain file or certificate nor can I find anything on the use of an AES encrypted private key.

Can anyone provide an example to look at or an explanation of how these three files play together when authenticating as a client?

It should be noted that the openssl s_client connection works using the three files. Replicating the command in C# is what I'm trying to do.

What I have tried:

1. I've tried using openssl to create a pfx file (reported to be the combination of the crt, key, and pem files) and use that to load the X509 certificate. The remote party (server) closes the transport stream immediately.
2. I've used openssl to create a pfx file from the server's crt and key file, used it in a TcpListener authentication process and it complains about the client and server not possessing a common algorithm. That doesn't make sense if I can connect the two sides using openssl command line commands.
Posted

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900