Hello Dear all,
Questions:
1.How to let my client certificate authenticated by CA certificate in c# program(all self-signed)
2.
clientCertificate = X509Certificate.CreateFromCertFile("C:/myclient.crt")
seems only support .cer file(DER format)?
3.How to deal with my client private key in c# ssl client, seems authentication need it as well?
Descriptions:
I wanna modify the ssl socket example in .net website from webpage:
http://msdn.microsoft.com/en-au/library/system.net.security.sslstream(v=vs.90).aspx
I want the client need to authenticate itself.
The server/client/CA certificate are all self-signed.
I first solve the certificate name checking make it valid on server with:
if (chain.ChainStatus.Length == 1)
{
if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors || certificate.Subject == certificate.Issuer)
{
if (chain.ChainStatus[0].Status == X509ChainStatusFlags.UntrustedRoot)
{
Console.WriteLine("Server Certificate from Self-signed root CA");
return true;
}
}
}
But I have problem with authenticate the client certificate, which is I don't know how to set the CA certificate for authenticating.
My server is a python ssl server so there is no problem with this issue.
Thus, I authenticate the client with:
try
{
sslStream.AuthenticateAsClient("servername", certs, SslProtocols.Ssl3, true);
}
And set certs above with:
clientCertificate = X509Certificate.CreateFromCertFile("C:/myclient.crt");
X509CertificateCollection certs = new X509CertificateCollection();
certs.Add(clientCertificate);
But it not work, and I think is my CA certificate not authenticate it.
Could anyone tell me how to set the CA certificate for authenticating client?
And what about my client private key in authentication procrss?
Any tips welcomed and appreciated.
Thank you very much!!
Regards.
Kay