deshapriya debesh

Reputation: 121

C# dotnet SslStream truststore

I am developing a C# SSL Client.

This is one-way certificate validation. My client needs to do a server certificate validation.

I have added RemoteCertificateValidationCallback to SslStream.

At present, I have created a root CA cert and issued a certificate using the root CA cert for the server. I have used openssl to generate these certificates.

I am getting RemoteCertificateChainErrors in my client's CertificateValidationCallback for the server certificate.

I am testing my client on Windows 10.

To fix this issue, I have added the root CA cert to Trusted Root Certification Authorities.

Now I do not see RemoteCertificateChainErrors.

But I am not able to find a way to configure a custom trust store, as I did in the Java client (jks).

I want to add my root CA to my own truststore and pass that to my C# client along with the password. When the client receives a certificate from the server it should look into that truststore for root CA cert to validate the remote certificate.

Can anyone please help?

Upvotes: 3

Views: 3419

Answers (1)

abo

Reputation: 146

In Java you can create your own keystores. In Windows you have the restriction to use only the keystores that already exist (Own certificates, Trusted Root Certification Authorities, ...)

Therefore, when checking the server certificate you have to specify which store your client should look at.

Also, take a look at this post: Using X509 Certificate with file and key in C#

Upvotes: 0
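
An added example, not code from either poster: one way to validate the server certificate against roots loaded from a password-protected file instead of a Windows store, using the `RemoteCertificateValidationCallback` the question mentions. It assumes .NET 5 or later (for `X509ChainTrustMode.CustomRootTrust`) and a PKCS#12 truststore; the file name, password, host and port are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class CustomTrustClient
{
    // Load every certificate from a PKCS#12 truststore (hypothetical path and password).
    static X509Certificate2Collection LoadTrustStore(string path, string password)
    {
        var roots = new X509Certificate2Collection();
        roots.Import(path, password, X509KeyStorageFlags.DefaultKeySet);
        return roots;
    }

    static RemoteCertificateValidationCallback ValidateAgainst(X509Certificate2Collection roots) =>
        (sender, cert, chain, errors) =>
        {
            // Only a chain error may be re-evaluated here; a name mismatch or a
            // missing certificate is rejected outright.
            if (cert == null || (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
                return false;

            using var custom = new X509Chain();
            // Trust only the roots from the file; the machine and user stores are ignored.
            custom.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            custom.ChainPolicy.CustomTrustStore.AddRange(roots);
            // Reuse any intermediates the server sent during the handshake.
            if (chain != null)
                custom.ChainPolicy.ExtraStore.AddRange(chain.ChainPolicy.ExtraStore);
            // Assumption: the test CA publishes no CRL/OCSP. Enable revocation
            // checking when the CA provides it.
            custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

            using var leaf = new X509Certificate2(cert);
            return custom.Build(leaf);
        };

    static void Main()
    {
        var roots = LoadTrustStore("truststore.p12", "changeit");      // hypothetical values
        using var tcp = new TcpClient("server.example.test", 8443);    // hypothetical endpoint
        using var ssl = new SslStream(tcp.GetStream(), false, ValidateAgainst(roots));
        ssl.AuthenticateAsClient("server.example.test");
        Console.WriteLine($"Negotiated {ssl.SslProtocol}, peer {ssl.RemoteCertificate?.Subject}");
    }
}
```

The callback returns `false` for any error other than a chain error, so host name verification by `AuthenticateAsClient` stays in force and only the trust anchor decision moves to the file-based store.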
