
Validate certificate TLS/SSL Server

I have been attempting to create an SSL server that loads a certificate from a .crt. I have tried both X509Certificate.CreateFromCertFile(@".\\Secure\\Certificate\\" + CertName + ".crt"); and the cert.import, and neither works. On both, I get an issue saying "The server mode SSL must use a certificate with the associated private key". And the key is there! My directory:

Secure/
    Certificate/
        ZeusHTTP.crt
        ZeusHTTP.csr
        ZeusHTTP.key
    Plugins/
        ...

The certs are created with OpenSSL.

A simple read of the docs tells us that you should be using a pkcs7 file that usually has file suffix p7b. You'll need to either convert your OpenSSL cert to this format, or find a utility that can generate one from scratch.

"The server mode SSL must use a certificate with the associated private key". And the key is there...

As others have stated, they must be in the same file. Here are the steps to do it.

First

Copy ZeusHTTP.crt to ZeusHTTP-chain.crt :

cp ZeusHTTP.crt ZeusHTTP-chain.crt

Second

Open ZeusHTTP-chain.crt and ensure it has all the intermediate certificates required to validate the server certificate. So you will have 2 or more certificates:

-----BEGIN CERTIFICATE-----
<server certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate certificate>
-----END CERTIFICATE-----

Add certificates as required. For example, if you got a free Startcom certificate, then you need to add the sub.class1.server.ca.pem intermediate from StartSSL's Index of Certs.

Sending all certificates is required to solve the "which directory" problem in PKI. It's a well-known problem in PKI, and essentially it means a client does not know where to go to fetch missing intermediate certificates.

Third

Perform the following to generate a PKCS 12 file:

openssl pkcs12 -export -in ZeusHTTP-chain.crt -inkey ZeusHTTP.key -out ZeusHTTP.p12

Fourth

Finally, install the certificate on IIS as a test.

For your code, I believe you need to load it into a Certificate2 and not a Certificate.


Also see How to read a .p12 file in my web service on Stack Overflow and how to create x509 certificate and use it in sslstream on MSDN.
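A worked C# example, added here and not taken from the question or either answer, of the last step the answer above describes: load the PKCS#12 bundle produced by `openssl pkcs12 -export` into an X509Certificate2, confirm the private key actually came along, and hand it to SslStream. The file path, export password and port are placeholders.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class SecureServer
{
    // Placeholders: point these at your own .p12 and the password given to openssl -export.
    const string PfxPath = @".\Secure\Certificate\ZeusHTTP.p12";
    const string PfxPassword = "EXPORT-PASSWORD-PLACEHOLDER";

    // X509Certificate (no "2") has no private-key support, which is why SslStream
    // rejects it. X509Certificate2 loaded from a PKCS#12 carries cert + key together.
    public static X509Certificate2 LoadServerCertificate()
    {
        // MachineKeySet avoids user-profile problems when the server runs as a service.
        var cert = new X509Certificate2(PfxPath, PfxPassword,
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                "No private key in " + PfxPath + "; re-run openssl pkcs12 -export with -inkey.");
        return cert;
    }

    // Reports whether a chain can be built locally; unresolved intermediates show up
    // as PartialChain, the same symptom clients will see if the bundle is incomplete.
    public static bool ChainBuilds(X509Certificate2 cert)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            bool ok = chain.Build(cert);
            foreach (var s in chain.ChainStatus)
                Console.WriteLine("chain: " + s.Status + " " + s.StatusInformation);
            return ok;
        }
    }

    public static void ServeOnce(int port)
    {
        var cert = LoadServerCertificate();
        ChainBuilds(cert);
        var listener = new TcpListener(IPAddress.Any, port);
        listener.Start();
        using (var client = listener.AcceptTcpClient())
        using (var ssl = new SslStream(client.GetStream(), false))
        {
            ssl.AuthenticateAsServer(cert, clientCertificateRequired: false,
                enabledSslProtocols: SslProtocols.Tls12, checkCertificateRevocation: false);
            Console.WriteLine("Negotiated " + ssl.SslProtocol + " with " + client.Client.RemoteEndPoint);
        }
    }
}
```

Call `SecureServer.ServeOnce(8443)` and connect with `openssl s_client -connect localhost:8443 -showcerts` to confirm the full chain is sent.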
