I am trying to mutually authenticate with a server.
    // Load the client certificate and put it in the collection offered to the server
    X509Certificate2 certificate = new X509Certificate2(@"path", "passwd");
    X509Certificate2Collection certificateCollection = new X509Certificate2Collection();
    certificateCollection.Add(certificate);
    TcpClient tcpClient = new TcpClient();
    SslStream sslStream;
    tcpClient.Connect(ip, port);
    sslStream = new SslStream(tcpClient.GetStream());
    try
    {
        // Pass the collection declared above (the original referenced an undeclared "collection")
        sslStream.AuthenticateAsClient(hostname, certificateCollection, SslProtocols.Tls, false);
    }
    catch (Exception e)
    {
        string s = e.Message;
    }
And the client throws an exception with the message "A Call to SSPI Failed, see inner exception". The inner exception is a System.ComponentModel.Win32Exception with the message "The message received was unexpected or badly formatted."
Q: How does the client authenticate the server, solely based on its CN (the supplied hostname)? Doesn't it need the server certificate also?
Q: When loading the client certificate, should I supply a .p12 containing the client certificate and private key?
Q1: It requires the server certificate as well, unless another authentication than X.509 is configured.
Q2: Yes, you would need a certificate and access to a private key. Whether those are contained in a PKCS#12 depends on the implementation, but the PKCS#12 format is normal for implementations in software.
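The following client is an added example, not code from the original post or its answer. It shows where SslStream hands the client the certificate the server sent during the handshake, and how to confirm that the loaded PKCS#12 actually carries a private key. The host name, port, file name, the choice of TLS 1.2 and the revocation check are assumptions made for the example.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class MutualTlsClient
{
    // Called during the handshake with the certificate the server presented.
    // "errors" already reflects chain trust and the name check against the
    // targetHost string passed to AuthenticateAsClient.
    static bool ValidateServer(object sender, X509Certificate cert,
                               X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Server subject: {0}", cert == null ? "(none)" : cert.Subject);
        Console.WriteLine("Policy errors : {0}", errors);
        return errors == SslPolicyErrors.None; // reject anything not fully valid
    }

    static void Main()
    {
        // Placeholder values (assumptions): replace with real ones.
        string hostname = "server.example.test";
        int port = 8443;
        var clientCert = new X509Certificate2(@"client.p12", "passwd");

        // Client authentication needs the private key, not only the certificate.
        if (!clientCert.HasPrivateKey)
            throw new InvalidOperationException("client.p12 contains no private key");

        var certs = new X509Certificate2Collection(clientCert);
        using (var tcp = new TcpClient(hostname, port))
        using (var ssl = new SslStream(tcp.GetStream(), false, ValidateServer))
        {
            try
            {
                // TLS 1.2 and revocation checking are choices made for this example.
                ssl.AuthenticateAsClient(hostname, certs, SslProtocols.Tls12, true);
                Console.WriteLine("Mutually authenticated: {0}", ssl.IsMutuallyAuthenticated);
            }
            catch (AuthenticationException e)
            {
                // The underlying reason is carried in InnerException.
                Console.WriteLine("{0} / {1}", e.Message,
                    e.InnerException == null ? "" : e.InnerException.Message);
            }
        }
    }
}
```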