HttpWebRequest client certificate private key problem (VB.NET 2002)

Andreas Birgerson

Feb 26, 2003, 6:23:41 AM
How can I use the HttpWebRequest functionality to post XML data over a
secure authenticated channel (https)?

I have a valid client certificate with a corresponding private key. The
certificate is in x509 format (.CER) and the .cer file contains the private
key. I converted the .cer file to .pfx (PKCS#12) with the OpenSSL utility
and this file I can import into the certificate store in the operating
system and it shows up as valid and having a corresponding private key (the
.cer file however imports ok but does not import the private key).

After this, if I try to surf (IE) to the URL in question I get a popup where
I can select my client cert from a list (only one item) and after selecting
it the request goes through ok.

The X509Certificate.CreateFromCertFile works well enough (no runtime error)
when used with the .CER file (x509 format) but the SSL/TLS channel is not
established, I guess because the private key is never imported.
There seem to be no "events" of the HttpWebRequest that I can hook into to
interpret or log the progress as the connection is made.

The functions CreateFromSignedFile and CreateFromCertFile are extremely
poorly documented, it's the same in both the MSDN Jan 2003 library and MSDN
online.
If I try to import the .PFX file with the above functions I get runtime "The
form specified for the subject is one not supported or known by the
specified trust provider" - I guess since the file is no longer in X509
format.


Q1- What kind(s) of file(s) does the CreateFromSignedFile accept? Is there
any more documentation about this?
Q2- Is there no way to use the certificates in the certificate store in the
OS for the HttpWebRequest.ClientCertificates?
Q3- Which function should I choose - CreateFromSignedFile or
CreateFromCertFile? What file format?
Q4- Why can a session not be established when I use
CreateFromCertFile("c:\rsvsvc\sema.cer")?
Q5- Web Services Enhancements 1.0 for Microsoft.NET seems only to be an
addition to ASP.NET, not to the SDK?


Dim myReq As HttpWebRequest = _
    WebRequest.Create("https://137.60.48.2:8443/servlets/DDServlet")
Dim mycert = New System.Security.Cryptography.X509Certificates.X509Certificate( _
    System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromSignedFile("c:\rsvcom\sema.cer"))
'or use CreateFromCertFile("c:\rsvsvc\sema.cer") ??
myReq.ClientCertificates.Add(mycert)

Adarsh Khare [MS]

Mar 6, 2003, 5:22:24 PM
The function CreateFromCertFile just accesses the public key. When you are
making an HttpWebRequest with a given client certificate, HttpWebRequest looks
into the certificate store, and the corresponding certificate must be installed
in the user store. Whenever you need to use client certificates, they must be
installed; currently there is no way to use uninstalled certificates. Keeping
the private key separately in a file is also considered an insecure way of
storing the certificate.

What you have to do is:
1) Install the certificate using your pfx file,
2) Export the certificate as a .Cer file (do NOT export the private key),
3) Pass the exported .Cer file to the CreateFromCertFile method; everything
should work now.

thanks,
adarsh

--
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.

This posting is provided "AS IS" with no warranties, and confers no
rights.

"Andreas Birgerson" <and...@removethis.sema.se> wrote in message
news:uHSOFmY3...@TK2MSFTNGP11.phx.gbl...
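
The three steps in the reply above, with a check that the private key really is in the user store before the certificate is attached. This is an added example, not code from either poster; it assumes .NET Framework 2.0 or later (X509Store and X509Certificate2 are newer than the VB.NET 2002 used in the thread), and the module name, function names, and command-line arguments are hypothetical.

```vbnet
Imports System
Imports System.Net
Imports System.Security.Cryptography.X509Certificates

Module ClientCertFromStore
    ' Look up, in CurrentUser\My, the installed certificate that matches the
    ' exported public-only .cer file. Returns Nothing when it is not installed,
    ' has no private key in the store, or is outside its validity period.
    Function FindInstalledCert(ByVal cerPath As String) As X509Certificate2
        Dim exported As New X509Certificate2(cerPath)
        Dim store As New X509Store(StoreName.My, StoreLocation.CurrentUser)
        store.Open(OpenFlags.ReadOnly)
        Try
            ' validOnly is False so a chain-building problem does not hide the
            ' entry; key presence and dates are checked explicitly below.
            For Each c As X509Certificate2 In store.Certificates.Find( _
                    X509FindType.FindByThumbprint, exported.Thumbprint, False)
                Dim inDate As Boolean = _
                    DateTime.Now >= c.NotBefore AndAlso DateTime.Now <= c.NotAfter
                If c.HasPrivateKey AndAlso inDate Then Return c
            Next
        Finally
            store.Close()
        End Try
        Return Nothing
    End Function

    ' Build (but do not send) a POST request carrying the client certificate.
    Function BuildRequest(ByVal url As String, ByVal cert As X509Certificate2) As HttpWebRequest
        Dim req As HttpWebRequest = CType(WebRequest.Create(url), HttpWebRequest)
        req.Method = "POST"
        req.ContentType = "text/xml"
        req.ClientCertificates.Add(cert)
        Return req
    End Function

    Sub Main(ByVal args As String())
        ' args(0): path to the exported .cer file; args(1): https URL (caller-supplied)
        Dim cert As X509Certificate2 = FindInstalledCert(args(0))
        If cert Is Nothing Then
            Console.Error.WriteLine("No usable certificate with a private key in CurrentUser\My")
            Environment.Exit(1)
        End If
        Dim req As HttpWebRequest = BuildRequest(args(1), cert)
        Console.WriteLine("Attached {0} for {1}, expires {2:u}", cert.Subject, req.RequestUri, cert.NotAfter)
    End Sub
End Module
```

A Nothing result from FindInstalledCert corresponds to the situation in the question: the .cer file loads without error, but no private key is available to complete the handshake.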