SSL / HTTPS in C# UWP apps. Using X509 Certificates. What are X509Certificate2, PowerShell PKI-Module, SslStream, TcpListener, and StreamSocketListener?
Note:
Here we use openssl, a command-line program. Windows comes with the PowerShell PKI module (New-SelfSignedCertificate, Export-PfxCertificate), which can create self-signed certificates and package them into .PFX / .P12 (PKCS #12) files, a format .NET loads easily. openssl also supports these formats, so we use it here.
— TcpListener has many tutorials on the web. It has been part of the .NET Framework for more than 10 years. —
Warning:
In this tutorial we use TcpListener because StreamSocketListener does not support SSL/TLS as a server in UWP over a LAN IP address, and we are using self-signed certificates on LAN IP addresses. In a UWP C# app, TcpListener wrapped in SslStream is the combination that works for a TLS server.
What are PFX (Personal Information Exchange) & P12 (PKCS #12)?
Both names refer to the same format: a PKCS #12 container that bundles your private key and certificate into one binary file. A PEM key or certificate is human-readable: a BEGIN line, a base64 string, and an END line. PKCS #12 is not human-readable and is additionally password-protected. We don't need to create our key or certificate any differently; creating a .PFX or .P12 is just a conversion of the two files we already have (the key and the certificate).
How do I convert my key and SSL certificate to PFX / P12 with openssl?
To convert our .cer or .crt & .key to a PKCS #12 / PFX file we use openssl pkcs12. The command needs the file name we want for the PFX output, the private key, the certificate, and a password to seal it.
— A .PFX file can store many certificates. —
In C# we can import certificates from our .PFX file. Because one file can hold several certificates (for example a leaf certificate plus its issuing chain), we load the file into an X509Certificate2Collection and then pick the entry we need. The first entry is not guaranteed to be the one carrying the private key, so select the certificate where HasPrivateKey is true and keep it in our program for later.
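The following is an added example, not code from the original page or from vsadx.com. It loads the PFX produced by the openssl pkcs12 command on this page, picks the entry with a private key, then runs a TcpListener wrapped in SslStream as the warning above describes, with a TcpClient on the other side. The file path, port 8443, and the echo protocol are assumptions. Because a self-signed certificate on a LAN IP fails normal chain and hostname validation, the client pins the server's thumbprint instead of accepting any certificate.

```csharp
// Added example; not from the original page. Assumes server-side.pfx was made with
// the openssl pkcs12 command above (password "hellopasphrasehere"). Path and port
// are assumptions.
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

public static class SslEchoDemo
{
    const string PfxPath = "server-side.pfx";        // assumption: app-readable location
    const string PfxPassword = "hellopasphrasehere"; // password from the openssl command
    const int Port = 8443;                           // assumption

    // A PFX may hold several certificates (leaf plus chain). Import all of them and
    // return the one that carries a private key; that is the one SslStream needs.
    public static X509Certificate2 LoadServerCertificate(string path, string password)
    {
        var store = new X509Certificate2Collection();
        store.Import(path, password, X509KeyStorageFlags.Exportable);
        foreach (X509Certificate2 cert in store)
        {
            if (cert.HasPrivateKey) return cert;
        }
        throw new InvalidOperationException("PFX contains no certificate with a private key");
    }

    // Server: accept one TCP connection, wrap it in SslStream, echo one message.
    public static async Task RunServerAsync(X509Certificate2 serverCert)
    {
        var listener = new TcpListener(IPAddress.Any, Port);
        listener.Start();
        using (TcpClient client = await listener.AcceptTcpClientAsync())
        using (var ssl = new SslStream(client.GetStream(), leaveInnerStreamOpen: false))
        {
            // Present our certificate; no client certificate; TLS 1.2 only.
            await ssl.AuthenticateAsServerAsync(serverCert, clientCertificateRequired: false,
                enabledSslProtocols: SslProtocols.Tls12, checkCertificateRevocation: false);
            var buf = new byte[1024];
            int n = await ssl.ReadAsync(buf, 0, buf.Length);
            byte[] reply = Encoding.UTF8.GetBytes("echo: " + Encoding.UTF8.GetString(buf, 0, n));
            await ssl.WriteAsync(reply, 0, reply.Length);
        }
        listener.Stop();
    }

    // Client: the validation callback pins the expected thumbprint rather than
    // returning true, so a different self-signed certificate is still rejected.
    public static async Task<string> RunClientAsync(string host, string expectedThumbprint)
    {
        using (var client = new TcpClient())
        {
            await client.ConnectAsync(host, Port);
            using (var ssl = new SslStream(client.GetStream(), false,
                (sender, cert, chain, errors) =>
                    cert != null && string.Equals(new X509Certificate2(cert).Thumbprint,
                        expectedThumbprint, StringComparison.OrdinalIgnoreCase)))
            {
                await ssl.AuthenticateAsClientAsync(host, null, SslProtocols.Tls12, false);
                byte[] hello = Encoding.UTF8.GetBytes("hello over TLS");
                await ssl.WriteAsync(hello, 0, hello.Length);
                var buf = new byte[1024];
                int n = await ssl.ReadAsync(buf, 0, buf.Length);
                return Encoding.UTF8.GetString(buf, 0, n);
            }
        }
    }

    public static async Task Main()
    {
        X509Certificate2 cert = LoadServerCertificate(PfxPath, PfxPassword);
        Task server = RunServerAsync(cert);
        string reply = await RunClientAsync("127.0.0.1", cert.Thumbprint);
        Console.WriteLine(reply);
        await server;
    }
}
```

Two UWP caveats apply to this example: the .pfx must sit somewhere the sandboxed app may read (for example ApplicationData.Current.LocalFolder), and a UWP app cannot connect to its own machine over loopback unless a loopback exemption has been granted with CheckNetIsolation, so on a real device test against a second machine on the LAN.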
— Want a self-signed cert? Follow our first tutorial. —
What do I need to package my own certificate and key into a .PFX?
The openssl command below works on macOS & Linux (on Windows, see the PowerShell PKI module note above).
openssl pkcs12 -passout pass:hellopasphrasehere -export -out server-side.pfx -inkey server-side.key -in server-side.cer
Command Line Explained
pkcs12
The openssl subcommand that creates and parses PKCS #12 / PFX data.
-passout
The password that seals the output file. The pass: form puts it on the command line, where it is visible in shell history and process listings; openssl also accepts file:, env:, fd: and stdin sources for anything sensitive.
-export
Create a PKCS #12 file (without it, pkcs12 parses an existing one).
-out
The .pfx file to write.
-inkey
The private key.
-in
The certificate that matches that key.
Ask questions to relations for vsadx.com