
C# SSL server mode must use a certificate with the corresponding private key

I'm going to learn how to handle HTTPS traffic in C# on the server side, and in the first steps I've run into some trouble.

Here is some code ( http://pastebin.com/C4ZYrS8Q ):

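using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading;

class Program
{
    // Callback that SslStream invokes to validate the remote party's certificate.
    static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None) return true;
        Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
        return false;
    }

    static void Main()
    {
        // Accept a single TCP client on the loopback interface.
        var tcpListener = new TcpListener(IPAddress.Parse("127.0.0.1"), 8080);
        tcpListener.Start();
        var clientAccept = tcpListener.AcceptTcpClient();
        Thread.Sleep(1000);

        if (clientAccept.Available > 0)
        {
            var sslStream = new SslStream(clientAccept.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
            // Verbatim string so the backslash in the path is not treated as an escape sequence.
            var certificate = new X509Certificate(@"path\server.pfx", "password");
            // This is the call that throws the error described below.
            sslStream.AuthenticateAsServer(certificate);
        }

        Console.ReadLine();
    }
}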

Don't argue! :) It's the test code only where I just want to achieve some basic steps with the SSL handling in C#.

So... The problem occurs at this line:

sslStream.AuthenticateAsServer(certificate);


From Russian it translates as:

  • SSL server mode must use a certificate with the corresponding private key.

I thought that I had made my X509 certificate incorrectly, but I checked again:

makecert.exe -r -pe -n "CN=localhost" -sky exchange -sv server.pvk server.cer
pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx -pi <password>

It seems that all is fine with the X509 creation, and another proof is that this line works fine:

var certificate = new X509Certificate(@"path\server.pfx", "password");

And the program didn't throw an exception on the line above.

So, what's the problem with the SSL handling in my code, and how can I handle an incoming SSL stream on the server side?

All is fine; the answer is to use the X509Certificate2 class instead of X509Certificate.

And add your created certificate to the trust list.
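One way to apply the answer and fail early when the loaded certificate carries no private key, written as an added example that is not part of the original post. It assumes the server.pfx produced by the makecert/pvk2pfx commands above sits at the question's placeholder path with the placeholder password; LoadServerCertificate is a hypothetical helper name.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

class SslServerExample
{
    // Hypothetical helper: load the PFX as X509Certificate2 and stop before the
    // handshake if the private key did not come along with the certificate.
    static X509Certificate2 LoadServerCertificate(string pfxPath, string password)
    {
        var certificate = new X509Certificate2(pfxPath, password);
        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException(
                "Certificate " + certificate.Subject + " has no private key and cannot be used in server mode.");
        return certificate;
    }

    static void Main()
    {
        // Path and password are the placeholders used in the question.
        X509Certificate2 certificate = LoadServerCertificate(@"path\server.pfx", "password");
        Console.WriteLine("Loaded {0}, HasPrivateKey={1}", certificate.Subject, certificate.HasPrivateKey);

        var listener = new TcpListener(IPAddress.Loopback, 8080);
        listener.Start();
        using (TcpClient client = listener.AcceptTcpClient())
        using (var sslStream = new SslStream(client.GetStream(), false))
        {
            try
            {
                // No client certificate is requested, so the revocation flag is moot here.
                sslStream.AuthenticateAsServer(certificate, false, SslProtocols.Tls12, false);
                Console.WriteLine("Handshake completed with {0}", sslStream.SslProtocol);
            }
            catch (AuthenticationException ex)
            {
                Console.WriteLine("TLS handshake failed: {0}", ex.Message);
            }
            catch (IOException ex)
            {
                // Seen when the client drops the connection, e.g. because it does not trust the certificate.
                Console.WriteLine("Connection closed during handshake: {0}", ex.Message);
            }
        }
        listener.Stop();
    }
}
```

A client that has not been told to trust the self-signed CN=localhost certificate will abort the handshake, which is why the answer also says to add the certificate to the trust list.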
