RE: Problems authenticating server for SSLStream negotiation



Hi,

i can second that - why don't you simply use the cert store - thats what it is made for...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

"Lee Gillie" wrote:

On the server side I reconstitute the server certificate from the
registry, where I have it stored as a binary block of data. A utility
loads the PFX file, which includes the private key, then stores that
in the registry. Later, when the FTP server starts I load the binary
data, and use it to construct the Certificate, which is eventually
used to negotiate SSL. The PFX was built at the server by importing
our certificate, and then exporting to PFX, supplying the password,
choosing to include the private key, and to NOT delete the key after
export.

Is there any reason why you're not using the usual SSPI certificate
stores?

The description above just suggests that you may have a problem in
your export to PFX, or your import from PFX to the registry, or your
reading from the registry, or your conversion from a binary object to
an in-memory certificate.

If you install your PFX in the regular certificate stores, you can
test using any of a number of other implementations, such as my own
WFTPD Pro (http://www.wftpd.com), to see if your certificate works
there.  That would narrow it down to either a problem in your SSL
code, or in your import / export of the certificate.

Come to that, why are you writing a program that's already been
written by so many others?

Alun.
~~~~


.



Relevant Pages

  • Re: NeedhHelp with fax wizard
    ... but the Fax module is the updated version of Win XP Fax and I see nothing there that stores the number of the last recipient. ... It doesn't store every person you fax to in the registry, ... hoping there is a registry key that would turn this feature back on. ... This is entered manually into the fax wizard pages. ...
    (microsoft.public.windowsxp.print_fax)
  • Re: Are Macros Evil?
    ... is just a little more complex to traverse but stores everything, ... I always store the location of the BE MDB in an INI file in the same folder as the FE ... So that would be suitable for putting in the registry. ... Tony Toews, Microsoft Access MVP ...
    (comp.databases.ms-access)
  • Re: securing ODBC connection details in ASP apps on IIS 6
    ... If you are using ODBC you can use a DSN, which stores the details in the ... You can secure the relevant registry keys (if you're afraid ... This script works fine on win2k. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Write Code that creates expiration date
    ... This page has code that stores an expiration date in either a defined name or in the registry and when that expiration date has passed, it either closes the workbook or makes the workbook read-only. ... file (the Hidden Workbook or bat file to update the registry). ...
    (microsoft.public.excel)