Https connection uses wrong certificate - c#

I have a C# HTTPS API server running on the local IP address. The idea is to call API methods from a different IP address on the same subnetwork and authenticate using a certificate. So, I issued a self-signed CA certificate and a client certificate. When I run the application on localhost everything works well. But when I issued a new certificate for the IP address I use, the app runs using the localhost certificate and the client shows me that the certificate is not trusted. I added a test domain to the hosts file and linked it to my IP address - but when I issued a CA certificate for this domain, the browser opens endpoints using the localhost certificate.
How do I tell the .NET application which certificate to use? Why, even after I added the test.com domain to the hosts file and issued a CA cert for that domain, when I run the application and open test.com in the browser, does it open my app but show the cert for localhost and tell me that the connection is not trusted?

Related

Certificate save Request WCF Webservice without DNS

I have a Webservice running.
I have to access it with an IP like "https://192.168.0.1:port/webservice" because the clients possibly have no DNS server configured and I must not edit the hosts file.
The certificate is signed for the webservice hostname.
It's working fine, but the certificate validator rejects the hostname.
With a validation callback it works normally.
Unfortunately there is one environment where I guess a paranoid firewall or a Windows setting rejects the certificate before my callback can handle it.
With a (testwise) hosts entry on the client side it works.
Is there a way to 'fake' the ip by bypassing System DNS resolver and give an own IP for the endpoint but keep the requested URL like "https://webservice.mydomain.com:port/anything"?

Generate Client Certificate on the fly for WCF Authentication

I am required to create a two way mutual handshake between a desktop client and WCF Service. I am using a Let's Encrypt Server Certificate on my Server but open to use Self Signed Certificate as well.
I wish to generate a Client Certificate and install it on the client's machine after successful authentication via OTP. The idea is to authenticate/authorize the desktop app for further communication with the server.
After some research I found that OpenSSL.Net makes it possible to create certificates.

Server certificate vs Client Certificate

I'm using a Winforms client to connect to a WCF service hosted in IIS. The Winforms application will be available to customers to download and install on their computers. The customers have to login to the application using their username/passwords. I want a secure HTTPS enabled communication between the client application and the WCF. What is the best practice to provide such a functionality? Should I use client certificates or just a server certificate? Any input is much appreciated.
Thanks.
You have to have a server certificate.
If you want stronger authentication you can use client certificates. There is an administration of certificates overhead and potentially other costs to that though: Using certificates from a provider, generating them yourself, maintaining list of revocations and so on.
As you already authenticate the user with a password, client certificate authentication is not needed. To ensure the communication is secured use a self-signed server certificate. In case the clients need to verify that they are connecting to the correct server, you need to get a signed certificate from a third-party CA like VeriSign, which could cost you at least 100$.

TLS/SSL where to install certificates

I need to provide mutual authentication using TLS protocol in my server-client communication. Now under development, client and server run on the same machine. My colleague created one certificate (.pfx file) for me. As it is a two-way authenticate, server and client have to authenticate each other.
This thread, "Mutual authentication in SSL/TLS", discussed in which certificate store a certificate should be located on the server side or the client side. Now I am confused: as I only have one certificate, I don't know whether it is a client certificate or a server certificate. Can I use one certificate for both, and if so, where should I locate this certificate for both server and client?
Thank you for your help !
You can use certificate for both ways, however what's the problem to generate standalone certificate (even self-signed) for client authentication?

.Net windows app development: Detecting if SSL Client Certificate is required and which ones are valid

In the same way as IE handles the client certificate authentication procedure, I would like to do the same from an installed .Net client app that connects to our web server, which has been set up to require client certificates.
I know how to open the Select Certificate UI allowing the user to select a client certificate from a list of those that are installed, and then add the certificate to the outgoing HttpWebRequest.
What I can figure out is:
How to determine when a client certificate is required by the server. It's not in the HttpResponse. The status code is 403 but I can't read the substatus.
How to then filter the client certificates in the UI to list only those that are valid based on the server certificate (issued by?).
Thanks in advance.
