SSL certificates

  • Thread starter Thread starter Giulio Petrucci
  • Start date Start date
G

Giulio Petrucci

Hi there,

I'm writing a client app, connecting to a web-service over a https://
connection. Everything seems to work fine but... where does the .NET fw
load the proper SSL certificate from? From the remote serer (just like a
browser)?

thanks in advance,
Giulio - Italy
 
Hello!
You wrote on Tue, 04 Mar 2008 18:34:54 +0100:

GP> I'm writing a client app, connecting to a web-service over a https://
GP> connection. Everything seems to work fine but... where does the .NET fw
GP> load the proper SSL certificate from? From the remote serer (just like
GP> a browser)?

Are you asking about server's certificate or the ceritificate used for
client-side authentication?
The server identifies itself with it's certificate and you need to validate
it (.NET does this for you in some way).
If you need to identify youself, then the certificate is taken from the
local storage (probably you can provide your own, but I don't know the
details).

In general you will find the description of how SSL works here: http://eldos.com/sbb/articles/1948.php

With best regards,
Eugene Mayevski
http://mayevski.blogspot.com/
 
Hi Eugene,

first of all: thank you for your reply!

Eugene Mayevski ha scritto:
Are you asking about server's certificate or the ceritificate used for
client-side authentication?

Client-side.
I suppose it works just like for the browser, doesn't it? The client
connects to an https:// URL, and the server provides the client with its
certificate. Right?
In general you will find the description of how SSL works here:
http://eldos.com/sbb/articles/1948.php

Thanks for the link!

Kind regards,
Giulio - Italia
 
Hello!
You wrote on Wed, 05 Mar 2008 14:23:45 +0100:

??>> Are you asking about server's certificate or the ceritificate used for
??>> client-side authentication?
GP> Client-side.
GP> I suppose it works just like for the browser, doesn't it? The client
GP> connects to an https:// URL, and the server provides the client with
its
GP> certificate. Right?

Not at all. Either you are mixing the client-side authentication with what
you see, or one of the above.

Client-side authentication is when the client tells the server, who the
client is. This type of authentication is used relatively rarely (comparing
to regular HTTPS communication). The certificate used for a client-side
authentication is the property of the client. It's stored either in Windows
Certificate storage or in hardware (cryptocards and USB cryptotokens). When
you connect to the server that requires client-side authentication, system
components of Windows (if you use HttpWebRequest class) attempt to choose
the certificate to use in authentication among the certificates located in
Windows Certificate storage. As said, probably you can specify other
certificate (for example the one you loaded from PFX file).

With best regards,
Eugene Mayevski
http://mayevski.blogspot.com/
 
Hi Eugene,

Eugene Mayevski ha scritto:
Not at all. Either you are mixing the client-side authentication with
what you see, or one of the above.

Client-side authentication is when the client tells the server, who the
client is. [cut]

Ok, got it.
So I thought I was talking about it but I wasn't! ;-)
Actually my scenario is really simple: I have a client application wich
must query a remote webservice over an https connection. No cliend-side
auth needed, the only certificate acting in this scenario is the server one.
In this case, is it correct to say that my client app receives the
certificate from the server?
As said, probably you can specify other certificate (for
example the one you loaded from PFX file).

Don't get it.
Could you link me to any reference-or-code-snippet?

Thanks in advance,
Giulio
 
Hello!
You wrote on Wed, 05 Mar 2008 15:13:52 +0100:

GP> one. In this case, is it correct to say that my client app receives the
GP> certificate from the server?

Yes, the certificate is sent by the server.

??>> As said, probably you can specify other certificate (for
??>> example the one you loaded from PFX file).
GP> Don't get it.
GP> Could you link me to any reference-or-code-snippet?

You don't need it if you don't use client-side authentication

With best regards,
Eugene Mayevski
http://mayevski.blogspot.com/
 
Back
Top