Re: Client Certificate not reaching server

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 10/13/04


Date: Wed, 13 Oct 2004 14:32:44 -0500

What happens is that when you attach the client certificate to your request,
the underlying code will try to find the private key for that certificate in
a key store on your machine. If it finds the key, then it can do client
certificate authentication. If it can't, then client certificate
authentication doesn't work.

This is what you are seeing. You are adding a certificate to the request
but don't have the private key, so the client code fails to find it and
doesn't try to do client certificate authentication with the server. Thus
the server doesn't see a client certificate from the request.

When you think about this, it makes sense. If a client certificate can be
used for authentication, then it would make sense that you would need to
have the private key to prove that certificate is yours. The certificate is
public data, so it can't be used to prove your identity by itself.

The larger question I have is if you need to just use SSL with the server
certificate or if they really want you to do client authentication. Is the
cert they gave you for your client or for the server?

Joe K.

"NRao" <NRao@discussions.microsoft.com> wrote in message
news:0315A66B-CFA7-481C-AD9F-044A3DD4A3FD@microsoft.com...
> Joe,
>
> Thank you very much. You explained it very well. But still have doubt. If
> you can explain this that really helps me lot.
>
> I have added certificate from file as below. When I see the webReq object
> in quickwatch it shows valid certificate.
>
> X509Certificate clientCertificate =
> X509Certificate.CreateFromCertFile(CERT);
> webReq.ClientCertificates.Add( clientCertificate );
>
> Then I sent the request. On server I look at the Request.ClientCertificates.
> There is no certificate. My question is even it is invalid certificate it
> should be present on the server. Right? What happened to the certificate I
> attached. Request ignored that?
>
>
>
>
> "NRao" wrote:
>
>> Hello Everybody,
>>
>> I have a class lib which is accessing a .aspx on web through httpwebrequest
>> and sending xml through post method. Server people provided me a .cer file. I
>> am adding that certificate file to httpwebrequest. But their side they do not
>> find the certificate. I tried following ways
>>
>> 1) Convert the .cer file into binary
>>
>> 2) Imported the .cer file into Certificate store(localcomputer/current user)
>> and exported the certificate into DER format .cer file and tried
>> CreateFromCertFile() method.
>>
>> Can anybody please point right way
>>
>> Also I have few questions.
>> 1) what preventing the certificate to reach server?
>> 2)I added the certificate to httpwebrequest and sent to my test site and
>> there I checked Request.ClientCertificate.IsPresent. But I always get false.
>> Why So? Even if it is not valid certificate should present. right?
>>
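
A diagnostic for the situation discussed in this thread, added here as an example and not code from any of the posters: before attaching a certificate to HttpWebRequest, check whether a matching certificate with a private key exists in the current user's store. It assumes .NET 2.0 or later (X509Certificate2); the class name, the method name and the two command-line arguments (path to the .cer file, target URL) are hypothetical.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck
{
    // Returns the certificate in CurrentUser\My that matches the given .cer file
    // AND has a private key, or null when no such certificate exists.
    public static X509Certificate2 FindUsableClientCert(string cerPath)
    {
        // A .cer file carries only the public certificate, so HasPrivateKey is false here.
        X509Certificate2 fromFile = new X509Certificate2(cerPath);
        Console.WriteLine("File cert {0}: HasPrivateKey={1}",
                          fromFile.Subject, fromFile.HasPrivateKey);

        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly=false: this is a diagnostic, so expired/untrusted matches are listed too.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, fromFile.Thumbprint, false);
            foreach (X509Certificate2 candidate in matches)
            {
                if (candidate.HasPrivateKey) return candidate;
            }
        }
        finally { store.Close(); }
        return null;
    }

    static void Main(string[] args)
    {
        string cerPath = args[0];   // assumption: path to the .cer file you were given
        string url = args[1];       // assumption: HTTPS endpoint that requests a client cert

        X509Certificate2 cert = FindUsableClientCert(cerPath);
        if (cert == null)
        {
            // Attaching the public-only certificate would be silently ignored by the client.
            Console.WriteLine("No private key for this certificate in CurrentUser\\My; " +
                              "client certificate authentication cannot be performed.");
            return;
        }
        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
        req.ClientCertificates.Add(cert);
        using (HttpWebResponse resp = (HttpWebResponse)req.GetResponse())
            Console.WriteLine("Server replied: {0}", resp.StatusCode);
    }
}
```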