SslStream and Certificates - Not Supported Exception

I'm trying to knock up a simple demonstration for myself to try using SSL to send and receive a simple message. I've based this on the code on the MSDN site - http://msdn2.microsoft.com/en-us/library/system.net.security.sslstream.aspx - and I'd like to end up with something that sends this text and a response in encrypted form, between an authenticated client and an authenticated server.

I keep getting an error though - "The server mode SSL must use a certificate with the associated private key." I've used MakeCert to create a .cer file. The command I used was:

    makecert -n "CN=Joe Bloggs" test.cer

The relevant code being run (as a server) is:

    static void Main(string[] args) {
        X509Certificate cert = X509Certificate.CreateFromCertFile("test.cer");
        TcpListener tcpServer = new TcpListener(IPAddress.Any, 9988);
        tcpServer.Start();

        while (true) {
            TcpClient tcpClient = tcpServer.AcceptTcpClient();
            SslStream sslStream = new SslStream(tcpClient.GetStream(), false);
            try {
                sslStream.AuthenticateAsServer(cert);
                ....

The exception is being raised at AuthenticateAsServer(). I can inspect the 'cert' variable, and it seems to contain my certificate (certainly, the name 'Joe Bloggs' is in it).

I guess my problem must be in the key, but I'm really not sure what - could someone shed some light on this.

Hello!
You wrote on 18 Dec 2006 03:46:53 -0800:

a> I keep getting an error though - "The server mode SSL must use a
a> certificate with the associated private key." I've used MakeCert to
a> create a .cer file. The command I used was:

.cer file doesn't contain a private key. You need to obtain a private key or export the certificate and the private key to PFX.

With best regards,
Eugene Mayevski
http://www.SecureBlackbox.com - the comprehensive component suite for network security

Using makecert, I got it to work using the info on this page:
http://blogs.technet.com/jhoward/archive/2005/02/02/365323.aspx

I also got it to work using a local CA-signed cert I made in openssl following the details on this page: http://sial.org/howto/openssl/

After I had the CA-signed cert, I added the private key to the file

    $ cat serverkey.pem >> servercert.pem

and then converted this cert/pkey combo into p12 format for importing into the Windows key store:

    $ openssl pkcs12 -export -in servercert.pem -out servercert.p12 -name "secure.myserver.com"

I then was able to import this in the key store using the certificates MMC snap-in.

T

awbu***@gmail.com wrote:
> I'm trying to knock up a simple demonstration for myself to try using
> SSL to send and receive a simple message. I've based this on the code
> on the MSDN site -
> http://msdn2.microsoft.com/en-us/library/system.net.security.sslstream.aspx
> - and I'd like to end up with something that sends this text and a
> response in encrypted form, between an authenticated client and an
> authenticated server.
>
> I keep getting an error though - "The server mode SSL must use a
> certificate with the associated private key." I've used MakeCert to
> create a .cer file. The command I used was:
>
>     makecert -n "CN=Joe Bloggs" test.cer
>
> The relevant code being run (as a server) is:
>
>     static void Main(string[] args) {
>         X509Certificate cert = X509Certificate.CreateFromCertFile("test.cer");
>         TcpListener tcpServer = new TcpListener(IPAddress.Any, 9988);
>         tcpServer.Start();
>
>         while (true) {
>             TcpClient tcpClient = tcpServer.AcceptTcpClient();
>             SslStream sslStream = new SslStream(tcpClient.GetStream(), false);
>             try {
>                 sslStream.AuthenticateAsServer(cert);
>                 ...
>
> The exception is being raised at AuthenticateAsServer(). I can inspect
> the 'cert' variable, and it seems to contain my certificate (certainly,
> the name 'Joe Bloggs' is in it).
>
> I guess my problem must be in the key, but I'm really not sure what -
> could someone shed some light on this.
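
The point made in the replies above, as an added C# example that is not part of the original thread: the same certificate loaded from .cer (DER) bytes carries no private key, while loaded from a PFX it does, and a guard rejects the former before it reaches AuthenticateAsServer. The helper name RequirePrivateKey, the password and the in-memory self-signed certificate are assumptions for illustration; CertificateRequest needs .NET Framework 4.7.2 or later, or .NET Core 2.0 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ServerCertCheck
{
    // Hypothetical helper: returns the certificate only if it is usable for
    // SslStream.AuthenticateAsServer, i.e. the private key was loaded with it.
    static X509Certificate2 RequirePrivateKey(X509Certificate2 cert, string source)
    {
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                source + ": no private key; a .cer holds only the public certificate. " +
                "Load a PFX/P12 bundle or a certificate from the Windows store instead.");
        return cert;
    }

    static void Main()
    {
        const string password = "example-password"; // constructed sample value

        using (RSA key = RSA.Create(2048))
        {
            // Build a throwaway self-signed certificate in memory (constructed sample).
            var request = new CertificateRequest("CN=Joe Bloggs", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 original = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            {
                // The same certificate in the two encodings discussed in the thread.
                byte[] cerBytes = original.Export(X509ContentType.Cert);          // public part only
                byte[] pfxBytes = original.Export(X509ContentType.Pfx, password); // cert + private key

                var fromPfx = new X509Certificate2(pfxBytes, password);
                Console.WriteLine("PFX  HasPrivateKey = " + fromPfx.HasPrivateKey);
                RequirePrivateKey(fromPfx, "PFX"); // passes; usable with AuthenticateAsServer

                var fromCer = new X509Certificate2(cerBytes);
                Console.WriteLine(".cer HasPrivateKey = " + fromCer.HasPrivateKey);
                try { RequirePrivateKey(fromCer, ".cer"); }
                catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
            }
        }
    }
}
```

In a server, the same check applies to a file on disk: load the PFX with `new X509Certificate2(path, password)` and test `HasPrivateKey` before calling `AuthenticateAsServer`.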