Click here to Skip to main content
15,881,139 members
Search within:


SSL Client Certificates
Please Sign up or sign in to vote.
1.00/5 (2 votes)
See more:
SSL
certificate
I am having trouble with my project, when i add the client certificates to my requests (sslstream or httpwebrequest) they end up being null on the other end of the request. Does anyone have any ideas?

Code Sample:


C#
           public void RunClient()
            {
                string machineName = "my-loaner.myworld.local";
                string serverName= "clientmachine";
                //get the client certificate from the store on the local machine               
               xCert = PickCertificate(StoreLocation.LocalMachine, StoreName.My);

               // Load the certificate into an X509Certificate object.
                var xCertColl = new X509CertificateCollection {xCert};

                // Create a TCP/IP client socket.
                // machineName is the host running the server application.
                TcpClient client = new TcpClient(machineName,443);

                //Console.WriteLine("Client connected.");
                // Create an SSL stream that will close the client's stream.
                SslStream sslStream = new SslStream(
                    client.GetStream(),
                    true,
                    new RemoteCertificateValidationCallback(ValidateServerCertificate),
                    null
                    );
                // The server name must match the name on the server certificate.
                try
                {
                    sslStream.AuthenticateAsClient(serverName, new X509CertificateCollection(xCertColl), SslProtocols.Tls, false);
                }
                catch (AuthenticationException e)
                {
                    Console.WriteLine("Exception: {0}", e.Message);
                    if (e.InnerException != null)
                    {
                        Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
                    }
                    Console.WriteLine("Authentication failed - closing the connection.");
                    client.Close();
                    return;
                }
                
                byte[] messsage =Encoding.UTF8.GetBytes("GET /default.aspx?=23 HTTP/1.1\r\nHost: my-loaner.myworld.local\r\nAccept: */*\r\n\r\n");
                // Send hello message to the server. 
                sslStream.Write(messsage);
                sslStream.Flush();
                StreamResponse = sslStream;
                Image2.ImageUrl = WriteRequest();
                // Read message from the server.
               // string serverMessage = ReadMessage(sslStream);
                //Console.WriteLine("Server says: {0}", serverMessage);
                // Close the client connection.
                client.Close();
                Console.WriteLine("Client closed.");
            }
private static X509Certificate2 PickCertificate(
                         StoreLocation location, StoreName name)
        {
            var store = new X509Store(name, location);
            try
            {
                store.Open(OpenFlags.ReadOnly);
                X509Certificate2 cert;
                if(store.Certificates.Count == 1)
                    cert = store.Certificates[0];
                else
                {
                // pick a certificate from the store
                     cert =
                        X509Certificate2UI.SelectFromCollection(
                            store.Certificates, "Caption",
                            "Message", X509SelectionFlag.SingleSelection)[0];
                }
                // show certificate details dialog
               // X509Certificate2UI.DisplayCertificate(cert);
                return cert;
            }
            finally { store.Close(); }
        }
Posted
Updated 10-Sep-12 10:13am
v4
Add a Solution
Comments
Sergey Alexandrovich Kryukov 10-Sep-12 15:34pm    
Hardly, because you did not supply relevant information. I does not qualify as a question, just not yet. How about a code sample? If you can do it, don't reply, just use "Improve question" above.
--SA

2 solutions

Have you enabled client certificates:

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/096519f4-3079-4571-9d28-8e5d286c5ab9.mspx?mfr=true[^]

Some guide lines from MS:
http://support.microsoft.com/kb/901183[^]

Also look at the following code get some initial idea on ICertificatePolicy interface:
C#
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public class HttpWebRequestClientCertificateTest : ICertificatePolicy {

    public bool CheckValidationResult (ServicePoint sp, X509Certificate certificate,
            WebRequest request, int error)
    {
            return true; // server certificate's CA is not known to windows.
    }

    public void RunClient(string certficatepath, string password=null)
    {
            string host = "https://localhost:1234/";
            if (args.Length > 0)
                    host = args[0];

            X509Certificate2 certificate = null;
            
            certificate = new X509Certificate2 (certficatepath, password);
            ServicePointManager.CertificatePolicy = new HttpWebRequestClientCertificateTest ();

            HttpWebRequest req = (HttpWebRequest) WebRequest.Create (host);
            if (certificate != null)
                    req.ClientCertificates.Add (certificate);

            WebResponse resp = req.GetResponse ();
            Stream stream = resp.GetResponseStream ();
            StreamReader sr = new StreamReader (stream, Encoding.UTF8);
            Console.WriteLine (sr.ReadToEnd ());
    }
}
 
Share this answer
 
Posted
Updated 10-Sep-12 16:53pm
v3
Comments
[no name] 14-Sep-12 9:18am    
I took a look at your code and it does seem as if you have tested it properly before sending it you have logical errors
I had a problem with the service point manager where the certificate was not trusted on the server that I tried to access.
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
SSL Certificate Error
SSL Certificates in VB.NET
WCF and https SSL certificates : "The client certificate is not provided."
Client Certificates in WinHTTP
Error: SSL certificate problem: unable to get local issuer certificate
C# consume wsdl with SSL and wssecurity with certificates
open an ssl certificate
Client and Server SSL authentication
create ssl certificate
ssl certificate issue

Advertise
Privacy
Cookies
Terms of Use
Last Updated 21 Aug 2022
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900