SSL certificates

  • Thread starter Giulio Petrucci
  • Start date

G

Giulio Petrucci

Hi there,

I'm writing a client app, connecting to a web-service over a https://
connection. Everything seems to work fine but... where does the .NET fw
load the proper SSL certificate from? From the remote serer (just like a
browser)?

thanks in advance,
Giulio - Italy
 
Ad

Advertisements

E

Eugene Mayevski

Hello!
You wrote on Tue, 04 Mar 2008 18:34:54 +0100:

GP> I'm writing a client app, connecting to a web-service over a https://
GP> connection. Everything seems to work fine but... where does the .NET fw
GP> load the proper SSL certificate from? From the remote serer (just like
GP> a browser)?

Are you asking about server's certificate or the ceritificate used for
client-side authentication?
The server identifies itself with it's certificate and you need to validate
it (.NET does this for you in some way).
If you need to identify youself, then the certificate is taken from the
local storage (probably you can provide your own, but I don't know the
details).

In general you will find the description of how SSL works here: http://eldos.com/sbb/articles/1948.php

With best regards,
Eugene Mayevski
http://mayevski.blogspot.com/
 
G

Giulio Petrucci

Hi Eugene,

first of all: thank you for your reply!

Eugene Mayevski ha scritto:
Are you asking about server's certificate or the ceritificate used for
client-side authentication?
Client-side.
I suppose it works just like for the browser, doesn't it? The client
connects to an https:// URL, and the server provides the client with its
certificate. Right?
In general you will find the description of how SSL works here:
http://eldos.com/sbb/articles/1948.php
Thanks for the link!

Kind regards,
Giulio - Italia
 
E

Eugene Mayevski

Hello!
You wrote on Wed, 05 Mar 2008 14:23:45 +0100:

??>> Are you asking about server's certificate or the ceritificate used for
??>> client-side authentication?
GP> Client-side.
GP> I suppose it works just like for the browser, doesn't it? The client
GP> connects to an https:// URL, and the server provides the client with
its
GP> certificate. Right?

Not at all. Either you are mixing the client-side authentication with what
you see, or one of the above.

Client-side authentication is when the client tells the server, who the
client is. This type of authentication is used relatively rarely (comparing
to regular HTTPS communication). The certificate used for a client-side
authentication is the property of the client. It's stored either in Windows
Certificate storage or in hardware (cryptocards and USB cryptotokens). When
you connect to the server that requires client-side authentication, system
components of Windows (if you use HttpWebRequest class) attempt to choose
the certificate to use in authentication among the certificates located in
Windows Certificate storage. As said, probably you can specify other
certificate (for example the one you loaded from PFX file).

With best regards,
Eugene Mayevski
http://mayevski.blogspot.com/
 
G

Giulio Petrucci

Hi Eugene,

Eugene Mayevski ha scritto:
Not at all. Either you are mixing the client-side authentication with
what you see, or one of the above.

Client-side authentication is when the client tells the server, who the
client is. [cut]
Ok, got it.
So I thought I was talking about it but I wasn't! ;-)
Actually my scenario is really simple: I have a client application wich
must query a remote webservice over an https connection. No cliend-side
auth needed, the only certificate acting in this scenario is the server one.
In this case, is it correct to say that my client app receives the
certificate from the server?
As said, probably you can specify other certificate (for
example the one you loaded from PFX file).
Don't get it.
Could you link me to any reference-or-code-snippet?

Thanks in advance,
Giulio
 
E

Eugene Mayevski

Hello!
You wrote on Wed, 05 Mar 2008 15:13:52 +0100:

GP> one. In this case, is it correct to say that my client app receives the
GP> certificate from the server?

Yes, the certificate is sent by the server.

??>> As said, probably you can specify other certificate (for
??>> example the one you loaded from PFX file).
GP> Don't get it.
GP> Could you link me to any reference-or-code-snippet?

You don't need it if you don't use client-side authentication

With best regards,
Eugene Mayevski
http://mayevski.blogspot.com/
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top