Showing posts from 2014

Mutual SSL Handshake .NET, SSL Client Authentication

A few days back I was working on this Mutual SSL Handshake issue. I was stuck on this for quite some time. Lack of information, and the very limited number of people actually using this, caused me to work for a lot of hours on what was supposed to be a very tiny piece of work. I was supposed to talk to a webserver from my webserver (IIS 7.5) using SSL certificate client authentication. Because of the limited information out there, I figured out a few things on my own and thought of creating this blog about it so that people who are working on this can get some benefit out of it.

The client certificate should have the following key usages: Digital Certificate, Key Encipherment, and the extended usage of Client Authentication. The private key should be exportable and not protected. The root signers of your certificate should be in the target webserver’s trust store. The server certificate’s root signers should be in your server’s trust store. You don’t need to import your certificate to your certificate store. In
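A preflight check for the key-usage items in the checklist above, as an added example that is not code from the original post. It assumes the "Digital Certificate" usage refers to the X.509 digitalSignature bit, uses the hypothetical names `ClientCertPreflight`, `Check` and `MakeSample`, and runs against throwaway self-signed certificates constructed in the code; the two trust-store items and key exportability are not checked here.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertPreflight
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth

    // Returns the problems found; an empty list means the checklist passed.
    public static List<string> Check(X509Certificate2 cert)
    {
        var problems = new List<string>();
        if (!cert.HasPrivateKey)
            problems.Add("no private key attached");
        // Assumption: the post's "Digital Certificate" means DigitalSignature.
        var ku = cert.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
        var needed = X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment;
        if (ku == null || (ku.KeyUsages & needed) != needed)
            problems.Add("key usage lacks DigitalSignature and/or KeyEncipherment");
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku == null || !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid))
            problems.Add("extended key usage lacks Client Authentication");
        return problems;
    }

    // Constructed sample input: a throwaway self-signed certificate.
    static X509Certificate2 MakeSample(X509KeyUsageFlags usages, string ekuOid)
    {
        var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=sample-client", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509KeyUsageExtension(usages, true));
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid(ekuOid) }, false));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        var good = MakeSample(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, ClientAuthOid);
        var bad = MakeSample(X509KeyUsageFlags.DigitalSignature, ServerAuthOid);
        Console.WriteLine("good: " + Check(good).Count + " problem(s)");
        foreach (var p in Check(bad)) Console.WriteLine("bad: " + p);
    }
}
```

`CertificateRequest` requires .NET Framework 4.7.2 or later, or .NET Core 2.0 or later; on older runtimes only `Check` applies, fed with a certificate loaded some other way.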