如何在Windows Server 2008 R2 Enterpresi和.NET中的Web应用程序上设置TLS证书？

Question

Good Morning

I would like your help. First all I want to say that I am new in .NET and I want to learn daily.

I have one web application that connects to a Gateway to process payments. The company that manages the gateway changes their TLS certificate to TLS 1.2 and now I need to change this on the server and maybe in the web application was developed using .NET (C# code).

I research and I spent more time to discover How can I do that but really I don't find a clear example where should I make exactly the changes?

I found in stackoverflow this link " TLS 1.2 in .NET Framework 4.0 " and I'm following the instruction but I don't have clear in the code Should I implement the changes?.

Please, I appreciate any suggestions.

Also, I would like to share some information that could be relevant in my case.

Details. Case: From March I can not process payments.

Other information 1. I read some links but it hard to me change the code because in production I have a compiled version. 2. I can not compile from the Dev environment because these are not the same version. **I have a source but unfortunately, the version in production is different with the version in production. 3. where should I change the TLS in production environment?.

about technical information. 1. I am using .NET 4.0 - Windows Server 2008 Enterprise - SQL Server 2008. 2. I reviewed the regedit for the vars that mention in the link above and I can see the vars; then I could say that I have ready setup the vars according to TLS 1.2. 3. The last Friday I restarted the server but I continue with the problem.

Thanks

REG.

Answer 1

I am using .NET 4.0 - Windows Server 2008 Enterprise - SQL Server 2008. 2. I reviewed the regedit for the vars that mention in the link above and I can see the vars; then I could say that I have ready setup the vars according to TLS 1.2. 3. The last Friday I restarted the server but I continue with the problem.

Install Windows updates on the server, make sure to install a newer version of the .NET Framework such as 4.5 (via Windows update or here and here ). A newer certificate might require you to install Windows updates or installing an additional certificate to the certificate store in order for it to be accepted. Review IIS AppPool settings and make sure it is actually running at least .NET 4.0.

when I was hired here I found old sources vs the current version in production plus the version in production is compiled

Since you have at least a portion of the source code you have to ask yourself (and your boss) the difficult question whether or not you should rewrite the lost parts or try to recover some of it by copying pages from the production environment to your development enviroment and using a decompiler such as dotPeek , justdecompile and ILSpy . Both options involve a lot of manual work, mostly because recovery via decompilation is not perfect and is going to produce many errors, a rewrite on the other hand is very costly because of the time involved.

Secondly you should immediatly setup a version control system by using modern tools such as git. There are many offers available on the internet that allow you to host private source code for a small fee or completly free (eg Bitbucket , GitLab , among others).

Once you have decided wether or not you are going to recover or rewrite you can use the source code that you already have as a baseline. Try to add some changes from the decompiled sources and pages from production or begin to rewrite parts of the most crucial features and iterate.

If not done already try to install a SQL Server Express and tools on your development machine and copy the structure of the tables from the production environment so that the current (old) version will start on your development machine and you can verify that it works locally without the need of the production environment.

You should also verify if you can install Windows updates and newer versions of the .NET Framwork and IIS so that your development machine and the production environment run roughly the same version of the .NET Framework. Microsoft offers advice on which versions are supported by which operating system here , If you are using an old version of IIS, version 10 can be found here .

If the certificate used by the payment gateway is too new, it could also be the case that you need to install Windows updates or an additional certificate to the windows certificate store.

Furthermore I would suggest that you setup your development machine so that you can test the payment gateway (eg with a fake product). Try to imitate the most crucial parts and make sure the .NET version you are developing locally is compatible with version constraints of your IIS version.

Alternatively try to setup a minimal development environment on the production environment eg using SharpDevelop or LinqPad and write a little bit of C# code that you can quickly execute to see if you fixed it.