
HttpClient isn't using Client Certificate for Mutual TLS Auth

Question

Why will my HttpClient instance not use my provided client certificate for mutual auth?

Background

I'm using HttpClient to do mutual TLS. As the client, I'm adding a client certificate to a WebRequestHandler and then using that handler in the new HttpClient.

The certificate is not installed on my machine. I've successfully loaded it into the handler and can see it when debugging (the password is correct, too).

I'm testing against a couple of different test domains

Both testing apps are showing no cert is being sent.

Code

    var clientCert = new X509Certificate2("badssl.pem", "badssl.com");

    var webHandler = new WebRequestHandler();
    webHandler.ClientCertificates.Add(clientCert);
    var httpClient = new HttpClient(webHandler);

    var result = await (await httpClient.GetAsync(uri)).Content.ReadAsStringAsync();

The X509Certificate2 class doesn't look to be reading in the private key from the PEM cert.

    var clientCert = new X509Certificate2("badssl.com-client.pem", "badssl.com");
    if(!clientCert.HasPrivateKey)
        throw new ApplicationException("Cert doesn't contain private key");

Does throw an error.

In the case of badssl.com, they do have a PKCS #12 cert available (aka PFX). I was able to get your code to work with that cert.
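The fix described in the answer above, as an added example that is not code from the original post: load the PKCS #12 bundle instead of the PEM file and refuse to continue if the certificate carries no private key. The class and method names, the command-line arguments and the .NET Framework 4.6+ target are assumptions made for illustration.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class MutualTlsExample
{
    // Loads a PKCS #12 (PFX) bundle and fails fast when it has no private key.
    // A client certificate without its key cannot be used to authenticate the
    // TLS handshake, which matches the "no cert sent" symptom in the question.
    static X509Certificate2 LoadClientCertificate(string pfxPath, string password)
    {
        var cert = new X509Certificate2(pfxPath, password);
        if (!cert.HasPrivateKey)
        {
            cert.Dispose();
            throw new InvalidOperationException(
                "Certificate '" + pfxPath + "' has no private key; use a PKCS #12 bundle.");
        }
        return cert;
    }

    static async Task<string> GetWithClientCertAsync(Uri uri, string pfxPath, string password)
    {
        using (var cert = LoadClientCertificate(pfxPath, password))
        {
            var handler = new WebRequestHandler();
            // Manual: present only the certificates added to this handler.
            handler.ClientCertificateOptions = ClientCertificateOption.Manual;
            handler.ClientCertificates.Add(cert);

            // HttpClient disposes the handler when it is disposed.
            using (var client = new HttpClient(handler))
            using (var response = await client.GetAsync(uri))
            {
                response.EnsureSuccessStatusCode();
                return await response.Content.ReadAsStringAsync();
            }
        }
    }

    static void Main(string[] args)
    {
        // Hypothetical usage: <uri> <path to .p12/.pfx file> <password>
        var body = GetWithClientCertAsync(new Uri(args[0]), args[1], args[2])
            .GetAwaiter().GetResult();
        Console.WriteLine(body);
    }
}
```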
