Re: sslstream and certificates

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 05/26/05 

Date: Thu, 26 May 2005 09:46:28 -0500

You need to install the private key into the CAPI keystore. If you have a
p12 or pfx file with the certificate and private key, you can use that to
import them into the key store.

Windows doesn't let you read private keys directly off the file system like
that. It wants to use the CAPI store. When you specify a certificate to
use, it simply uses that as a key to look up that certificate in the CAPI
store and find the associated private key.

HTH,

Joe K.

"Jakob Nielsen" <a@b.c> wrote in message
news:u%231x$5fYFHA.3032@TK2MSFTNGP10.phx.gbl...
> Using net 2.0
>
> I try creating a sslStream from a regular networkstream as folows
>
> Socket clientSocket = serverSocket.EndAccept(result);
> clientSocket.Blocking = true;
> Stream clientStream = new NetworkStream(clientSocket);
> SslStream sslStream = new SslStream(clientStream);
> X509Certificate cert =
> X509Certificate.CreateFromCertFile(@"c:\mycertificate.crt");
> sslStream.AuthenticateAsServer(cert);
>
> The call to AuthenticateAsServer fails with "The server mode SSL must use
> a
> certificate with the associated private key"
>
> What exactly should I put into that message? It needs another kind of
> certificate with the private key embedded?
> I do have a keyfile on the side with one of my certificates, but I can not
> specify it anywhere.
> Another certificate , I am testing with, is from rapidSSL a CA so I assume
> it should be "right".
>
> Has someone else tried setting up a sslStream as server?
>
> Should i somehow put my private key into my certificate? I read somewhere
> that you could concatenate the two files, but that didnt resolve the
> problem.
>
>

Relevant Pages

  • Re: Unable to unwrap a symmetric key using the private key of an X
    ... the certificate (public and private key) is ... installed in the personal store of both local computer and current user and I ... The problem is related to the certificate store on the web service side. ... You installed the certificate in "OtherPeople" store but the policy points ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Client Certificates Issue
    ... "Active Directory User Objects" where the certificate is available, ... the Store Name for that store or, how can I access it using C#.Net code? ... not on your server. ... of the private key for the certificate they provided to the server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Help please - Can not use/export private key after domain change
    ... You see only one EFS certificate in your private cert store? ... the certificate, also when I view it, it says that I have private key ... Windows XP encrypts the ...
    (microsoft.public.security)
  • Re: Online Only Digital Signature
    ... What's important is not whether the file contains the private key, ... In the above, the certificate is placed into the local machine store, and ... Can you open the cert store, ...
    (microsoft.public.dotnet.security)
  • RE: SIMple SSL question ??
    ... I believe your book is instructing you to keep the private key secure. ... you use the certificate request wizard in IIS to install the cert after it's ... the certificate that's just been installed. ... If an attacker retrievs the SSL certificate, ...
    (microsoft.public.dotnet.security)