RE: Problems authenticating server for SSLStream negotiation
- From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 30 Jan 2006 19:59:22 +0000 (UTC)
I can second that - why don't you simply use the cert store - that's what it is made for...
--------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com
"Lee Gillie" wrote:
On the server side I reconstitute the server certificate from the registry, where I have it stored as a binary block of data. A utility loads the PFX file, which includes the private key, then stores that in the registry. Later, when the FTP server starts I load the binary data, and use it to construct the Certificate, which is eventually used to negotiate SSL. The PFX was built at the server by importing our certificate, and then exporting to PFX, supplying the password, choosing to include the private key, and to NOT delete the key after export.
Is there any reason why you're not using the usual SSPI certificate stores?
The description above just suggests that you may have a problem in your export to PFX, or your import from PFX to the registry, or your reading from the registry, or your conversion from a binary object to an in-memory certificate.
If you install your PFX in the regular certificate stores, you can test using any of a number of other implementations, such as my own WFTPD Pro (http://www.wftpd.com), to see if your certificate works there. That would narrow it down to either a problem in your SSL code, or in your import / export of the certificate.
Come to that, why are you writing a program that's already been written by so many others?
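Added example, not part of the original thread or any poster's code: one way to take the server certificate from the Windows certificate store instead of a registry blob, checking the private key before handing it to `SslStream`. The class name, method names, and thumbprint placeholder are assumptions made for illustration.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper class; names are illustrative only.
static class ServerCertLoader
{
    // Placeholder: the thumbprint of the certificate installed from the PFX.
    public const string Thumbprint = "<THUMBPRINT-OF-SERVER-CERT>";

    public static X509Certificate2 LoadFromStore(string thumbprint)
    {
        // LocalMachine\My ("Personal") is where a server certificate
        // imported from a PFX normally lives.
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false: return the certificate even if it is expired
            // or untrusted, so the failure can be diagnosed rather than hidden.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException(
                    "Certificate not found in LocalMachine\\My.");

            X509Certificate2 cert = found[0];
            // A certificate without its private key cannot authenticate a
            // server; this is the first thing to rule out after an
            // export/import round trip.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    "Certificate has no associated private key.");
            return cert;
        }
        finally
        {
            store.Close();
        }
    }

    public static SslStream Negotiate(TcpClient client, X509Certificate2 cert)
    {
        // leaveInnerStreamOpen = false: disposing the SslStream closes the socket stream.
        SslStream ssl = new SslStream(client.GetStream(), false);
        ssl.AuthenticateAsServer(cert); // throws AuthenticationException on failure
        return ssl;
    }
}
```

The account the server runs under also needs read access to the private key in the store; `HasPrivateKey` can be true while negotiation still fails for an account that cannot open the key.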