Mutual authentication using openssl and .Net - c#

I am using the managed OpenSSL wrapper for mutual authentication in my project. What I have done so far is send the client certificate by calling .Net's AuthenticateAsClient function of SslStream, and I am getting the server certificate along with 3 chain certificates in the callback function from the server. But I don't know what to do with this server certificate. Now I have two questions:
1. Why am I getting the error "error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate" when I am calling the AuthenticateAsClient function, even if I have the Root CA installed on the local machine?
2. How do I add the server certificate which I have got in the callback function from the server into the key store using managed OpenSSL, or what else do I need to do with this server certificate to finish mutual authentication?
Can anyone please help me to complete this mutual authentication process using OpenSSL?

Related

C# How to get SslStream to ignore client cert validation

We have a client that has their own PKI infrastructure and assigns private certs to use as SSL client authentication for application access to their rest APIs.
I need to be able to use a client cert with SslStream and not have it choke that it is not trusted. Users will not be educated enough to know how to add CA certs to their local trusted cert store. Plus, most would not have the access to do so either.
The client application is being written in .Net 4.6.1
What do I need to do to get SslStream not to throw an exception with a locally untrusted client certificate?
Have you looked at the constructor that accepts a certificate validation callback method? https://msdn.microsoft.com/en-us/library/ms145057(v=vs.110).aspx Seems like that's what you are asking to do.
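As an added example (not code from any of the posters above), here is what that validation callback can look like when the goal is to trust the customer's private CA rather than to skip validation: it assumes the application ships the CA certificate as client-ca.cer and the user's client certificate as client.pfx, both hypothetical file names.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Trusts a private CA shipped with the application instead of the machine's
// root store, while still rejecting wrong host names and expired certificates.
static class PinnedSslClient
{
    // Assumption: the private CA certificate is shipped next to the executable.
    static readonly X509Certificate2 PrivateCa = new X509Certificate2("client-ca.cer");

    static bool ValidateServer(object sender, X509Certificate cert,
                               X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;        // trusted by the OS store
        if (cert == null || (errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            return false;                                       // wrong host: always reject

        // Rebuild the chain with our own CA available as an extra trust anchor.
        var custom = new X509Chain();
        custom.ChainPolicy.ExtraStore.Add(PrivateCa);
        custom.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // private PKI without CRL/OCSP assumed
        if (!custom.Build(new X509Certificate2(cert))) return false; // expiry, signature etc. still checked

        // AllowUnknownCertificateAuthority accepts ANY unknown root, so require that the
        // root the chain ended at is exactly our CA (thumbprint comparison).
        var root = custom.ChainElements[custom.ChainElements.Count - 1].Certificate;
        return string.Equals(root.Thumbprint, PrivateCa.Thumbprint, StringComparison.OrdinalIgnoreCase);
    }

    public static SslStream Connect(string host, int port, string clientPfxPath, string pfxPassword)
    {
        var tcp = new TcpClient(host, port);
        // The callback is passed to the SslStream constructor mentioned in the answer above.
        var ssl = new SslStream(tcp.GetStream(), false, ValidateServer, null);
        var clientCerts = new X509Certificate2Collection(
            new X509Certificate2(clientPfxPath, pfxPassword));
        // Presents the client certificate when the server asks for one (mutual TLS).
        ssl.AuthenticateAsClient(host, clientCerts, SslProtocols.Tls12, checkCertificateRevocation: false);
        return ssl;
    }
}
```

Returning true unconditionally from the callback would accept any certificate from any server; pinning the chain's root to the shipped CA keeps server authentication intact without touching the user's trusted root store.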

Generate Client Certificate on the fly for WCF Authentication

I am required to create a two way mutual handshake between a desktop client and WCF Service. I am using a Let's Encrypt Server Certificate on my Server but open to use Self Signed Certificate as well.
I wish to generate a Client Certificate and install it on the client's machine after successful authentication via OTP. The idea is to authenticate/authorize the desktop app for further communication with the server.
After some research I found that OpenSSL.Net enables creating certificates.

TLS/SSL where to install certificates

I need to provide mutual authentication using TLS protocol in my server-client communication. Now under development, client and server run on the same machine. My colleague created one certificate (.pfx file) for me. As it is a two-way authenticate, server and client have to authenticate each other.
This thread, Mutual authentication in SSL/TLS, discussed in which certificate store a certificate should be located on the server side or client side. Now I am confused: as I only have one certificate, I don't know whether it is a client certificate or a server certificate. Can I use one certificate for both, and if so, where should I locate this certificate for both server and client?
Thank you for your help !
You can use the certificate for both ways; however, what's the problem with generating a standalone certificate (even self-signed) for client authentication?

Encrypted communication between C# and PHP without SSL - certificate?

I need an encrypted communication between C# and PHP to send HttpWebRequests and download files from the server. Is that possible without buying a certificate for https? I think a certificate shouldn't be needed in my case, should it? What do you recommend to use?
If you control both ends, you can generate your own certificate and manually check that the server is using the expected one. It's in the case where the client wants to verify that the server is using the correct certificate that you need the functionality provided by a certificate authority.
Normally, the certificate is loaded into the web server and the encryption/decryption is invisible to any code running on the server. I would be very surprised if you could do it with just "php stuff".

.Net windows app development: Detecting if SSL Client Certificate is required and which ones are valid

In the same way as IE handles the client certificate authentication procedure, I would like to do the same from an installed .Net client app that connects to our web server which has been setup for requiring client certificates.
I know how to open the Select Certificate UI allowing the user to select a client certificate from a list of those that are installed, and then add the certificate to the outgoing HttpWebRequest.
What I can't figure out is:
How to determine when a client certificate is required by the server. It's not in the HttpResponse. The status code is 403 but I can't read the substatus.
How to then filter the client certificates in the UI to list only those that are valid based on the server certificate (issued by?).
Thanks in advance.
