Forum: PowerTCP Sockets for .NET (Secure and Standard)
Topic: Client Certificate w/o Private Key
Scott Roberts

From: Oklahoma City, OK USA
Posts: 2
Member Since: 03/22/05
posted March 22, 2005 6:40 PM

I have a situation where I am supposed to provide a client certificate in order to connect via TLS to a secure server. I have been assured by our trading partner that the client certificate they provided (in Base64 *.cer format) is not supposed to have a private key associated with it.

I downloaded and installed the PowerTCP Sockets for .NET and am trying to connect to our trading partner using the demo TCP Client application. I select the appropriate client certificate and try to connect to our partner. The message I get is as follows:

Connection terminated by server during SSL handshake.

A couple of the other components I have evaluated said they absolutely cannot pass a client certificate to a server if it does not contain a private key. Is that the case here too?

Thanks.

Tony Priest

From: Utica, NY USA
Posts: 8466
Member Since: 04/11/00
posted March 22, 2005 7:16 PM

Yes. A private key would be required. It is generated in two ways that I know of:

1) It is made on the machine when the request is generated. The request is then sent to the Certificate provider who gives you back the cer file.

2) It is contained in the file provided by the Certificate Provider. In that case, it's usually a "pfx" file and a password must be typed when it is imported into the store.

It sounds like you are experiencing case #1 and you are trying to use the certificate on a machine other than the one where you generated the request.

cambler

From: Redmond, WA USA
Posts: 102
Member Since: 04/14/03
posted March 23, 2005 1:58 PM

Our issue turned out to be a case of full-cert-chain. That is, the remote server requires the full cert chain, whereas Dart sends only the final cert and not the whole chain.

They insist on getting the whole chain, so we were stuck.

We had one of our developers code a wrapper to OpenSSL such that the wrapper had the same signature as the Dart library. We use his wrapper for the one server, as a plug-and-play replacement for Dart, and use Dart for everything else.
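
Editor's added example, not part of the thread and not Dart's code: a small .NET console check for the two conditions discussed above, whether the certificate has a private key linked to it on this machine, and which issuer certificates make up its chain. It assumes the certificate, if installed, is in the current user's Personal store; the command-line path is whatever `.cer` file you were given.

```csharp
// Added example: diagnose a client certificate before using it for
// TLS client authentication. Uses only System.Security.Cryptography APIs.
using System;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck
{
    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: ClientCertCheck <path-to.cer>");
            return 2;
        }

        // A .cer file carries only the public certificate, never the key.
        var fromFile = new X509Certificate2(args[0]);
        Console.WriteLine($"Subject:    {fromFile.Subject}");
        Console.WriteLine($"Thumbprint: {fromFile.Thumbprint}");

        // Assumption: the certificate was installed in CurrentUser\My, where a
        // key generated with the original request would be linked to it.
        X509Certificate2 candidate = fromFile;
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, fromFile.Thumbprint, validOnly: false);
            if (matches.Count > 0) candidate = matches[0];
        }
        Console.WriteLine($"Private key available: {candidate.HasPrivateKey}");

        // Build the chain to list the issuer certificates a server may expect
        // to receive along with the end-entity certificate.
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            bool ok = chain.Build(candidate);
            Console.WriteLine($"Chain builds to a trusted root: {ok}");
            foreach (X509ChainElement e in chain.ChainElements)
                Console.WriteLine($"  {e.Certificate.Subject}");
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine($"  status: {s.Status}");
        }
        // Exit code 1 signals that no private key is linked on this machine.
        return candidate.HasPrivateKey ? 0 : 1;
    }
}
```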