SSL / HTTPS in C# UWP apps. Using X509 Certificates. What are X509Certificate2, PowerShell PKI-Module, SslStream, TcpListener, and StreamSocketListener?
Here, we use
openssl, a command-line program. Windows comes with
PKI-Module which can be used to create self-signed certificates and
package them into .PXF, .P12 format (which dotnet can easily use).
openssl also supports these formats, we will use that here.
— TcpListener has many tutorials on the web.
It's been around .Net framework for +10 years.
In this tutorial we use
StreamSocketListener does not support SSL on UWP over LAN IP.
We are using self-signed certificates on LAN IP addresses.
TcpListener can be used
in UWP C# apps with
SslStream to work with SSL.
What are PXF (Personal Exchange Formate) & P12 (PKCS #12)?
These formats combine your private key & certificate into one binary file. In a key or certificate you have start text, a base 64 string, and end text. The format we want is not human-readable, additionally it's password protected. We don't need to create our key or certificate any differently. Creating a .PXF or .P12 is just a conversion from our two other files (the key & certificate).
How do I convert my key and SSL certificate to PXF / P12 with openssl?
To convert our .cer or .crt & .key to PKCS12 or PXF we will use
openssl pkcs12. The command will need the file name we want
to call our PXF, the private key, the certificate, and a password to seal it.
— The .PXF files can store many certificates. —
In C# we can import certificates with our .PXF file. Because one file can store many certificate pairs, we will need to load our file and read it into a variable certificate store. Next we can grab the first certificate and save that in our program for later.
— Want a self-signed cert? Follow our first tutorial. —
What do I need to make my own client-side certificates?
Simple tools for certs on macOS & linux (see Windows).
openssl pkcs12 -passout pass:hellopasphrasehere -export -out server-side.pfx -inkey server-side.key -in server-side.cer
Command Line Explained
pkcs12 Allows convert & manage PXF data.
-passout Creates the password to bind your data.
-in an option to specify the client-side certificate.
-inkey an option to specify the client-side key.
Ask questions to relations for vsadx.com