Re: HttpListener, SSL Certificates, Server and client certificate auth



That error indicates that there is no keyset for the SSL cert. Are you sure
the process you used for getting the SSL cert didn't lose the private key?
You can open up the cert in the certificates MMC and see if it says it has a
private key associated with it.

It may also be a permissions problem where your service process doesn't have
the right permissions to read the key or it may be a profile problem where
you have the private key stored in some user's local profile instead of in
the local machine store and thus your service process can't get to it.

HTH!

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Colin" <Colin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DEA98F09-EF73-4274-83D4-65A9E0C15B9E@xxxxxxxxxxxxxxxx
Can someone please tell me what I am doing wrong. I have been working on this issue for quite some time.

I have developed a lightweight HTTP server using HttpListener. I want to use SSL certificates to authenticate both the server to the client and the client to the server.

When I create a self-signed root CA using makecert, then create a server authentication certificate and a client authentication certificate using makecert, everything works fine. The client and the server exchange certificates and it all works. This is great for development, not so great for a production environment.

When I use a server running Certificate Services to create certificates, the server disconnects the client. The client application receives an exception of:

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.

I am using a stand-alone machine running Certificate Services. It is a root CA. When using Certificate Services, I use a web browser to go to the Certificate Services web interface. I install the root CA certificate, then I request a new server auth certificate. Then I issue the certificate on the CA machine, then I install the certificate using the web interface. Then I do the same for the client certificate.

Then I use httpcfg to configure the port.

If I use the makecert certificates all is well.

If I use the Certificate Services certificates, it fails.

Obviously I have some configuration issue or I am just not doing something right. I have no idea.

Anyone know what I am doing wrong? Any ideas about how to debug the issue?

I have turned on SCHANNEL debugging and something of interest is when I use the Microsoft server certificates I get an error in the event log:

A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016

I don't get this error with the makecert certificates.

Please help, thank you.
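The three things Joe suggests checking (is the private key still attached, is the cert in the machine store rather than a user profile, can the service account read the key) can be walked through from a script. The PowerShell below is an added diagnostic, not code from the thread or from either poster; it assumes you know the thumbprint of the server-auth certificate, that the HttpListener process runs as the account passed in $ServiceAccount (NETWORK SERVICE is only a placeholder default), and that the key is a legacy CSP key stored under the MachineKeys folder (CNG keys live elsewhere and are left to certutil). 0x80090016 is NTE_BAD_KEYSET, the code SCHANNEL returns when the key set for the cert cannot be found or opened, which is what steps 2 and 3 test for.

```powershell
# Added diagnostic (not from the original thread). Walks the three checks
# from Joe's reply for an HttpListener SSL certificate:
#   1. is the cert in LocalMachine\My rather than in a user profile store?
#   2. does the store entry actually carry a private key?
#   3. can the service account read the CSP key container file?
# Assumptions: $Thumbprint is the SHA-1 thumbprint of the server-auth cert,
# $ServiceAccount is the identity the listener runs as (placeholder default),
# and the key is a legacy CSP key (CNG keys are not covered here).
param(
    [Parameter(Mandatory = $true)][string]$Thumbprint,
    [string]$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'
)

$Thumbprint = ($Thumbprint -replace '\s', '').ToUpperInvariant()

# Check 1: machine store vs. user profile store. CurrentUser\My here is the
# store of whoever runs this script, so run it as the user who enrolled.
$machineCert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
$userCert    = Get-ChildItem Cert:\CurrentUser\My  | Where-Object { $_.Thumbprint -eq $Thumbprint }

if (-not $machineCert) {
    if ($userCert) {
        Write-Warning "Cert $Thumbprint is only in CurrentUser\My. A service cannot open a key in a user profile; export it as PFX (with the private key) and import it into LocalMachine\My."
    } else {
        Write-Warning "Cert $Thumbprint was not found in LocalMachine\My or CurrentUser\My."
    }
    return
}

# Check 2: a web-enrollment round trip can leave the cert without its key.
# SCHANNEL then reports 0x80090016 (NTE_BAD_KEYSET) as in the event log above.
if (-not $machineCert.HasPrivateKey) {
    Write-Warning "Cert '$($machineCert.Subject)' has no private key. Re-enroll from the CA on this machine, or import the PFX that contains the key."
    return
}
Write-Output "Cert '$($machineCert.Subject)' is in LocalMachine\My and has a private key."

# Check 3: ACL on the CSP key container file.
$csp = $machineCert.PrivateKey   # RSACryptoServiceProvider for CSP keys, $null for CNG keys
if ($null -eq $csp -or $null -eq $csp.CspKeyContainerInfo) {
    Write-Warning "Private key is not a CSP key; inspect it with: certutil -v -store My $Thumbprint"
    return
}
$info = $csp.CspKeyContainerInfo
if (-not $info.MachineKeyStore) {
    Write-Warning "Key container '$($info.KeyContainerName)' is a user key store, not a machine key store."
}
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($info.UniqueKeyContainerName)"
if (-not (Test-Path $keyFile)) {
    Write-Warning "Key container file $keyFile not found."
    return
}
$readRight = [System.Security.AccessControl.FileSystemRights]::Read
$acl = Get-Acl -Path $keyFile
$readAllowed = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -ieq $ServiceAccount -and
    (($_.FileSystemRights -band $readRight) -eq $readRight)
}
if ($readAllowed) {
    Write-Output "$ServiceAccount has read access to $keyFile."
} else {
    Write-Warning "$ServiceAccount has no explicit read ACE on $keyFile. Grant it read access to the key (on newer Windows: certificates MMC > All Tasks > Manage Private Keys) and restart the service."
}

# Finally, confirm the port binding refers to this thumbprint
# (httpcfg on Windows Server 2003 / XP, netsh on later versions).
if (Get-Command httpcfg -ErrorAction SilentlyContinue) { httpcfg query ssl }
elseif (Get-Command netsh -ErrorAction SilentlyContinue) { netsh http show sslcert }
```

Run it elevated, since reading LocalMachine\My key containers and their ACLs needs administrative rights. The ACL check only looks for an ACE naming the service account directly; if access is granted through a group (Administrators, for example) it will report a false negative, so treat a warning from step 3 as a prompt to look at the key's permissions in the MMC rather than as proof that access is missing.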