MPeli

Reputation: 580

How can I check whether an SSL certificate is installed?

I use this code to install a self-signed certificate (user has to confirm the installation).

    // Constructor
    public MainPage()
    {
        this.Loaded += new RoutedEventHandler(MainPage_Loaded);

    }
    private async void MainPage_Loaded(object sender, RoutedEventArgs e)
    {
        try
        {
            StorageFolder packageLocation = Windows.ApplicationModel.Package.Current.InstalledLocation;
            StorageFolder certificateFolder = await packageLocation.GetFolderAsync("Certificates");
            StorageFile certificate = await certificateFolder.GetFileAsync("myCer.cer");

            await Launcher.LaunchFileAsync(certificate);
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message.ToString());
        }
    }

Is it possible to check whether the certificate is already installed so that I do not have to install it each time my app is launched?

Upvotes: 1

Views: 3826

Answers (2)

Mitch

Reputation: 22311

Certificates can be compared in many ways, but the two most common are:

  • By Thumbprint
    • Cryptographic hash of the public key
    • Calculated on request – not stored in the certificate itself
    • Unique across all certificates
    • Difficult to fake when using a collision-resistant hash algorithm (http://en.wikipedia.org/wiki/Preimage_attack)
  • By Serial Number and Issuer
    • Mandated to be unique when using PKI
    • Faster to compare as no computation is required
    • Can only be trusted when you are validating chain trust. An attacker could generate a self-signed certificate with a chosen serial number and issuer name.

In code:

    X509Certificate cert1 = /* your cert */;
    X509Certificate cert2 = /* your other cert */;

    // assuming you are validating pki chain
    // X509Certificate compares the serial number and issuer
    bool matchUsingSerialAndIssuer = cert1.Equals(cert2);

    // otherwise
    bool publicKeyIsIdentical = cert1.GetCertHashString() == cert2.GetCertHashString();
    // or easier to read if using X509Certificate2 (Thumbprint calls GetCertHashString)
    // bool publicKeyIsIdentical = cert1.Thumbprint == cert2.Thumbprint;

Upvotes: 1

Chad

Reputation: 89

Why don't you try something like this to find the cert? Also include this namespace in your project: System.Security.Cryptography.X509Certificates. If you can't use X509, you can change the code below to use a different type for the cert.

    // Requires: using System.Security.Cryptography.X509Certificates;
    private static X509Certificate2 GetCertificateFromStore(string certSN)
    {
        X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection col = store.Certificates;

            foreach (var currCert in col)
            {
                // SerialNumber is an upper-case hex string
                var currSN = currCert.SerialNumber;
                if (certSN.ToUpperInvariant() == currSN)
                {
                    return currCert; // found it, return it
                }
            }

            return null; // not found, so install it now
        }
        finally
        {
            store.Close();
        }
    }

Upvotes: 0
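
The difference between the two lookups discussed in the answers, as an added example that is not code from either answer: a serial-number match (with or without the issuer) also accepts a different self-signed certificate that reuses the same name and serial, while a thumbprint match accepts only the exact certificate shipped with the app. It assumes a .NET runtime that provides `CertificateRequest` (.NET Core 2.0+ or .NET Framework 4.7.2+); the certificates are constructed in memory, an `X509Certificate2Collection` stands in for `store.Certificates`, and `MakeSelfSigned`, `InstalledBySerial`, `InstalledByThumbprint` and `CN=example.test` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class InstalledCertCheck
{
    // Constructed test data: a self-signed certificate with a chosen name and serial.
    static X509Certificate2 MakeSelfSigned(string name, byte[] serial)
    {
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest(name, key, HashAlgorithmName.SHA256,
                                             RSASignaturePadding.Pkcs1);
            var gen = X509SignatureGenerator.CreateForRSA(key, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            return req.Create(req.SubjectName, gen, now.AddDays(-1), now.AddDays(30), serial);
        }
    }

    // Serial-number lookup: true for any certificate that carries this serial.
    static bool InstalledBySerial(X509Certificate2Collection installed, string serialHex)
    {
        foreach (X509Certificate2 c in installed)
            if (string.Equals(c.SerialNumber, serialHex, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    // Thumbprint lookup: true only if the exact certificate is present.
    static bool InstalledByThumbprint(X509Certificate2Collection installed, string thumbprint)
    {
        return installed.Find(X509FindType.FindByThumbprint, thumbprint, false).Count > 0;
    }

    static void Main()
    {
        byte[] serial = { 0x01, 0x23, 0x45, 0x67 };
        X509Certificate2 shipped = MakeSelfSigned("CN=example.test", serial);   // the app's cert
        X509Certificate2 lookalike = MakeSelfSigned("CN=example.test", serial); // same name and serial, new key

        // Stand-in for store.Certificates: only the lookalike is "installed".
        var installed = new X509Certificate2Collection(lookalike);

        Console.WriteLine("Equals (issuer + serial): " + shipped.Equals(lookalike));
        Console.WriteLine("Found by serial:          " + InstalledBySerial(installed, shipped.SerialNumber));
        Console.WriteLine("Found by thumbprint:      " + InstalledByThumbprint(installed, shipped.Thumbprint));
    }
}
```

Against a real store, pass `store.Certificates` from a store opened with `OpenFlags.ReadOnly` and compare against the thumbprint of the `.cer` file packaged with the app.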
