Mutual SSL Handshake .NET, SSL Client Authentication

Few days back I was working on this Mutual SSL Handshake Issue. I was stuck on this for quite sometime. Lack of information and very limited number people actually using this, caused me to work for lot of hours, which was supposed to be a very tiny piece of work.

I was supposed to talk to a webserver from my webserver (IIS 7.5) using the SSL certificate client authentication.

Because of limited information out there I figured few things on my own and thought of creating this blog about it so that people who are working on this can get some benefit out of it.
  1. Client certificate should have following Key Usages. Digital Certificate, Key Encipherment and extended usage of Client Authentication.
  2. The private key should be exportable and not protected.
  3. The root signers of your certificate should be on the target webserver’s trust store.
  4. Server certificate’s root signers should be on your server’s trust store.
  5. You don’t need to import your certificate to your certificate store. Instead I recommend to use the .PFX file instead. Because your IIS server’s users don’t have enough permission to read the private key of your certificate. Whereas by using the PFX file we don’t need any permission whatsoever. PFX file contains all the certificates Root, Intermediate, Shared and Client Certificate.

Once the certificate part is done use the following code to perform the Client authentication in code. HttpWebRequest will take care of everything else. Please feel free to comment.


private static void FromFile()
{   
 var certificate = "CertificateFile.pfx";
 var certpwd = "password";
 var URL = "Host_URL";
 var certs = new X509Certificate2Collection();
 certs.Import(certificate, certpwd, X509KeyStorageFlags.DefaultKeySet);

 var webrequest = WebRequest.Create(URL) as HttpWebRequest;

 ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
 ServicePointManager.Expect100Continue = false;
 ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(AlwaysGoodCert);

 webrequest.ClientCertificates.Add(certs[3]);

 webrequest.Credentials = CredentialCache.DefaultNetworkCredentials;
 webrequest.Method = WebRequestMethods.Http.Get;
 webrequest.ContentType = "application/json; charset=utf-8";

 var responseStream = webrequest.GetResponse().GetResponseStream();
}

private static bool AlwaysGoodCert(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslpolicyerrors)
{
 return true;
}

Comments

  1. Anonymous17 July 2023 at 16:02

    Thanks for writing this. It works for me too. :)

    ReplyDelete
  2. Tarık15 August 2023 at 06:20

    Karayolu yurtdışı kargo
    Denizyolu yurtdışı kargo
    Havayolu yurtdışı kargo
    Demiryolu yurtdışı kargo
    Avusturya yurtdışı kargo
    1ZU

    ReplyDelete
  3. Nihan730 September 2023 at 08:40

    Antalya
    Konya
    Adana
    Ankara
    Van
    CSN2YV

    ReplyDelete
  4. DigitalExplorer3144 October 2023 at 14:39

    ankara
    sakarya
    tekirdağ
    kastamonu
    amasya
    AJ2QHT

    ReplyDelete
  5. 818D9Benicio739DB10 November 2023 at 14:00

    9F190
    Ankara Boya Ustası
    Eryaman Alkollü Mekanlar
    Sakarya Şehir İçi Nakliyat
    Diyarbakır Evden Eve Nakliyat
    Ağrı Evden Eve Nakliyat
    Antep Şehirler Arası Nakliyat
    Tokat Parça Eşya Taşıma
     Kırklareli Şehirler Arası Nakliyat 
    Etlik Fayans Ustası

    ReplyDelete
  6. 39B1ADannyAE24911 November 2023 at 14:52

    D2D58
    Muğla Şehir İçi Nakliyat
    Ağrı Parça Eşya Taşıma
    Etlik Boya Ustası
    Antep Evden Eve Nakliyat
    AAX Güvenilir mi
    Sivas Şehirler Arası Nakliyat
    Batman Şehirler Arası Nakliyat
    Konya Şehir İçi Nakliyat
    Adana Evden Eve Nakliyat

    ReplyDelete
  7. 90C37Angelica1033218 January 2024 at 06:29

    978FC
    Twitch İzlenme Hilesi
    Qlc Coin Hangi Borsada
    Twitch İzlenme Satın Al
    Bitcoin Kazanma
    Bonk Coin Hangi Borsada
    Chat Gpt Coin Hangi Borsada
    Kripto Para Madenciliği Nasıl Yapılır
    Bitcoin Kazanma
    Caw Coin Hangi Borsada

    ReplyDelete
  8. 910DEMiranda91CA012 February 2024 at 21:15

    FBDE8
    eigenlayer
    pancakeswap
    thorchain
    bscpad
    shapeshift
    quickswap
    uwulend finance
    avalaunch
    dexscreener

    ReplyDelete
  9. A62B3Melvin4DD0C15 April 2024 at 04:28

    44E31
    ----
    ----
    ----
    ----
    ----
    ----
    matadorbet
    ----
    ----

    ReplyDelete
  10. 735E5Yvette3B71B12 June 2024 at 04:47

    53CCA
    canlı şov

    ReplyDelete
  11. 4E0CAJamie29F9B14 June 2024 at 14:36

    2E46E
    güvenilir ücretli show

    ReplyDelete
  12. 9A322Callie4DCB414 June 2024 at 15:21

    92B36
    görüntülü ücretli show

    ReplyDelete
  13. B30EBCamila3233E11 July 2024 at 15:02

    D756D
    görüntülü şov whatsapp numarası

    ReplyDelete
  14. D4181Brenna7ABAC11 July 2024 at 17:54

    45516
    whatsapp görüntülü show güvenilir

    ReplyDelete
  15. 203665509BJacob074343EE6223 November 2024 at 10:54

    589AFA592A
    ereksiyon hapı
    novagra
    skype show
    sildegra
    görüntülü show
    canli cam show
    skype şov
    sertleştirici
    degra

    ReplyDelete
  16. 7C0B9EA2A3JesseAC9BAFED0024 November 2024 at 08:35

    577C68D242
    yapay kızlık zarı
    telegram show
    green temptation
    vigrande
    themra macun
    lifta
    bayan azdırıcı damla
    whatsapp görüntülü şov
    görüntülü şov whatsapp numarası

    ReplyDelete
  17. 91E349A9B0Valerie23D1A7870E28 November 2024 at 02:08

    2FB8E80C73
    youtube türk beğeni satın al

    ReplyDelete

Post a Comment

Popular posts from this blog

Definitions of Chef, Puppet, Vagrant, and Docker

In my pursuit to help people about DevOps terminologies here are the definitions of Chef, Puppet, Vagrant, and Docker. There are so many others out there. This is my attempt. Chef : Chef is an automation platform to transform your infrastructure into code. It is also called, Configuration Management Software. You can define the state with different parameters as your config files, s/w, tools, access types and resource types, etc. Also, you can configure different machines with different functionality based on your need. Puppet : Puppet is a tool that allows you to abstract specific concepts of the target machine and make the configuration process more operating system agnostic. It allows to install a package or run a background service on startup independently. Define a command, packages those need to installed, step dependencies, file content, and other things you would need to get machine up and running without problems. Vagrant : Vagrant is a project that...
Read more

Infrastructure as Code

Infrastructure as Code Picking up my blogs after a very long time, let’s see how long I last this time. So I decided to write something about a topic which I am hearing a lot, seems like it’s a buzz word these days. “Infrastructure as Code” Infrastructure as Code/Infrastructure automation is the process of scripting environments, from installing an operating system, to installing and configuring servers on instances, to configuring how the instances and software communicate with one another, and much more. By scripting environments, you can apply the same configuration to a single node or to thousands. Infrastructure automation brings agility to both development and operations because any authorized team member can modify the scripts while applying good development practices ·        Such as automated testing and versioning to your infrastructure. Developers can learn a lot from operations, and operations can learn a lot from devel...
Read more