SSL / HTTPS in C# UWP apps. Using X509 Certificates. What are X509Certificate2, PowerShell PKI-Module, SslStream, TcpListener, and StreamSocketListener?

Note: Here we use openssl, a command-line program. Windows ships with the PowerShell PKI module, which can also create self-signed certificates and package them into .PFX / .P12 files (which .NET loads easily). openssl supports the same formats, and that is what we use here.

— TcpListener has many tutorials on the web.
It has been part of the .NET Framework for more than 10 years. —

Warn: In this tutorial we use TcpListener, because StreamSocketListener does not support SSL on UWP over a LAN IP address, and we are using self-signed certificates on LAN IP addresses. In UWP C# apps, only TcpListener combined with SslStream can be used for SSL in this setup.

What are PFX (Personal Exchange Format) & P12 (PKCS #12)?

These formats combine your private key and certificate into one binary file. A key or certificate file on its own is human-readable (the PEM layout): a begin line, a Base64 string, and an end line. The format we want is not human-readable and is additionally password protected. We do not need to create our key or certificate any differently: creating a .PFX or .P12 is just a conversion of our two existing files (the key and the certificate).

How do I convert my key and SSL certificate to PFX / P12 with openssl?

To convert our .cer or .crt and .key files to PKCS #12 / PFX we use openssl pkcs12. The command needs the file name we want for our PFX, the private key, the certificate, and a password to seal it.

— A .PFX file can store many certificates. —

In C# we import certificates from our .PFX file. Because one file can store many certificate pairs, we load the file into an in-memory certificate collection (the variable acts as a certificate store), then take the first certificate and keep it in our program for later.
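To show how these pieces fit together, here is an added example (not code from the tutorial) that loads the .pfx produced by the openssl pkcs12 command, takes the first certificate that carries a private key, and serves it with TcpListener plus SslStream; the file name server-side.pfx, the port and the password are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

public static class PfxTlsServer
{
    // Load the .pfx produced by the openssl pkcs12 command and return the first
    // entry that carries a private key (a PFX may hold several certificates).
    public static X509Certificate2 LoadFirstCertificate(string pfxPath, string password)
    {
        var store = new X509Certificate2Collection();
        store.Import(pfxPath, password, X509KeyStorageFlags.DefaultKeySet);
        foreach (X509Certificate2 cert in store)
            if (cert.HasPrivateKey) return cert;   // the private key is needed to act as server
        throw new InvalidOperationException("PFX holds no certificate with a private key");
    }

    // Accept TCP connections and wrap each one in SslStream (the tutorial's reason for
    // choosing TcpListener over StreamSocketListener on UWP).
    public static async Task RunAsync(X509Certificate2 serverCert, int port)
    {
        var listener = new TcpListener(IPAddress.Any, port);
        listener.Start();
        while (true)
        {
            TcpClient client = await listener.AcceptTcpClientAsync();
            _ = HandleClientAsync(client, serverCert);   // one task per connection
        }
    }

    private static async Task HandleClientAsync(TcpClient client, X509Certificate2 serverCert)
    {
        using (client)
        using (var ssl = new SslStream(client.GetStream(), leaveInnerStreamOpen: false))
        {
            // Server side of the handshake: present our cert, do not demand a client cert.
            await ssl.AuthenticateAsServerAsync(serverCert, clientCertificateRequired: false,
                enabledSslProtocols: SslProtocols.Tls12, checkCertificateRevocation: false);
            var buf = new byte[4096];
            int n = await ssl.ReadAsync(buf, 0, buf.Length);           // read the client's request
            string firstLine = Encoding.UTF8.GetString(buf, 0, n).Split('\n')[0];
            byte[] reply = Encoding.UTF8.GetBytes("HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok");
            await ssl.WriteAsync(reply, 0, reply.Length);              // minimal HTTPS response
        }
    }
}
```

Start it with `PfxTlsServer.RunAsync(PfxTlsServer.LoadFirstCertificate("server-side.pfx", "hellopasphrasehere"), 8443)`; a UWP package also needs the Private Networks (Client & Server) capability before it may listen on a LAN address, and a client must explicitly trust the self-signed certificate or its handshake will fail.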

— Want a self-signed cert? Follow our first tutorial. —

What do I need to make my own client-side certificates?

Simple tools for certs on macOS & Linux (see Windows).

    openssl pkcs12 -passout pass:hellopasphrasehere -export -out server-side.pfx -inkey server-side.key -in server-side.cer

Command Line Explained

Line one:

pkcs12: the openssl subcommand that creates and manages PKCS #12 / PFX data.

-passout: sets the password that seals the output file (pass: means it is given inline).

-export: tells openssl to build a PKCS #12 file rather than read one.

-out: the name of the .pfx file to write (server-side.pfx in the command above).

-in: the certificate to package (server-side.cer).

-inkey: the matching private key (server-side.key).

