SslStream - Certificate


3

1 - To secure communication between a client and a server, I decided to use SSL with SslStream, following the example on the MSDN site. The issue is that it is not a server on the web. Even though it is not a web server, do I have to use a certificate, or can I do without one?

2 - If I do need one, how can I get this certificate? I know it is not paid or anything like that.

3 - Is it feasible for me to make my own? If so, how can I make one?

1 answer

3


Yes, you can use SslStream even if it is not a web server, i.e., you can use it when establishing a TCP connection between a server and a client.

You can generate your own certificate with OpenSSL (guide to creating a self-signed certificate with OpenSSL).

To make the process easier, here is a piece of code that generates a certificate from the command line (I recommend creating a .cmd/.bat file to make the process easier):

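@echo off
:: If you installed OpenSSL in a non-default location, change the paths below.
set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

:: Create a self-signed certificate (valid for 365 days) and its private key.
:: The key is 2048-bit RSA; 1024-bit keys are too weak and may be rejected by current TLS stacks.
"C:\OpenSSL-Win32\bin\openssl" req -x509 -nodes -days 365 -subj "/C=[two-letter country code]/ST=[state]/L=[locality]/CN=[server name]" -newkey rsa:2048 -keyout private.key -out cert.crt

:: Bundle the certificate and key into a password-protected .pfx file.
"C:\OpenSSL-Win32\bin\openssl" pkcs12 -export -in cert.crt -inkey private.key -out "[certificate name].pfx" -passout "pass:[your certificate's password]"

:: Remove the intermediate files so the unencrypted private key is not left on disk.
del .rnd
del private.key
del cert.crt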

With the certificate created, you can use it as follows on the server:

// client is the TcpClient accepted by the server's TcpListener
X509Certificate2 cert = new X509Certificate2("[path to the certificate]", "[certificate password]");
SslStream sslStream = new SslStream(client.GetStream());
sslStream.AuthenticateAsServer(cert);

Notes: (Documentation of AuthenticateAsServer)

  • Is using OpenSSL better? In my case I want to establish a connection, encrypt the data and send it to my server.

  • @Enzotiezzi "Better" implies comparison with something. Better than what? OpenSSL is free and makes the work easier. If you are considering using a certificate in scenarios where security is quite important, you may consider purchasing a certificate created and signed by an accredited company (such as GlobalSign et al.).

  • About making the work easier: how does it make it easier?

  • I mean easier in the sense that, apart from installation time, you can generate a certificate in a few seconds to use during development/testing, etc.

  • In this case, can I use the MSDN code itself, changing only X509Certificate to X509Certificate2 with the correct parameters?

  • @Enzotiezzi In the MSDN example you have to provide a certificate to the program (on the server). If you look, the line serverCertificate = X509Certificate.CreateFromCertFile(certificate); creates a certificate based on an existing certificate.

  • Yes, in that case it takes the certificate name as a parameter, so I generate it with the .bat and then use it in X509Certificate2, right?

  • Now it gives me an error saying it cannot find the file name (certificate), even though it is in the same folder.

  • If you are using serverCertificate = X509Certificate.CreateFromCertFile(certificate) you must pass the .cer file and not the .pfx (see this answer on Stack Overflow).

  • I am using this: serverCertificate = new X509Certificate2("Testefbmcertificate","fbm12345");

  • It gives me a CryptographicException.
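
The answer above shows only the server side; a client's default validation rejects a self-signed certificate because it does not chain to a trusted root. The following is an added example, not code from the answer or from the MSDN sample: a loopback SslStream server and client in which the client accepts the server certificate only when its SHA-256 fingerprint matches a pinned value. It assumes .NET Core 3.0 or later; the class name, password and message are constructed for the example, and the certificate is created in-process rather than by the OpenSSL script so the code runs on its own.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

class PinnedSslStreamDemo
{
    static async Task Main()
    {
        // Constructed test certificate: self-signed, 2048-bit RSA, CN=localhost.
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=localhost", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var generated = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(365));
        // Round-trip through PFX bytes, mirroring the answer's .pfx file and password.
        byte[] pfx = generated.Export(X509ContentType.Pfx, "constructed-password");
        using var serverCert = new X509Certificate2(pfx, "constructed-password");
        // The client is given only the SHA-256 fingerprint of the public certificate.
        string pinned = serverCert.GetCertHashString(HashAlgorithmName.SHA256);

        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;

        Task server = Task.Run(async () =>
        {
            using TcpClient peer = await listener.AcceptTcpClientAsync();
            using var ssl = new SslStream(peer.GetStream());
            await ssl.AuthenticateAsServerAsync(serverCert);
            using var reader = new StreamReader(ssl);
            Console.WriteLine("server received: " + await reader.ReadLineAsync());
        });

        using var client = new TcpClient();
        await client.ConnectAsync(IPAddress.Loopback, port);
        // Accept the self-signed certificate only if its fingerprint matches the pin.
        using var clientSsl = new SslStream(client.GetStream(), false,
            (sender, cert, chain, errors) => cert != null &&
                string.Equals(cert.GetCertHashString(HashAlgorithmName.SHA256), pinned, StringComparison.OrdinalIgnoreCase));
        await clientSsl.AuthenticateAsClientAsync("localhost");
        using var writer = new StreamWriter(clientSsl) { AutoFlush = true };
        await writer.WriteLineAsync("hello over TLS");
        await server;
        listener.Stop();
    }
}
```

In a real deployment the client would ship with the fingerprint of the .pfx certificate's public part, and the .pfx itself, which holds the private key, would stay on the server only.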
