Managing Multiple SSL Certificates in a web API
-
Hi All, I originally posted this in the "Web Development" forum but haven't had any replies so thought I'd try here as it is dealing with WCF web services. I'm looking to create some kind of class or library that will manage multiple SSL certificates in a live web API scenario. It should be able to enumerate a cert store to find at least two SSL certs and then work out which one to use at any given time. The basic premise is that the API should be able to support more than one SSL certificate. So when it comes time to renew an SSL certificate you can simply let the API know there is another one (via config) and when the web service switches to the new server certs, it will recognise that and automatically switch to using the new corresponding client one. Is there anything in .NET that already does that or has one been created already by a third party? Regards,
Jammer My Blog | [Articles](http://www.codeproject.com/script/Articles /MemberArticles.aspx?amid=4664921) | DMon | SampleSort
-
Hi All, I originally posted this in the "Web Development" forum but haven't had any replies so thought I'd try here as it is dealing with WCF web services. I'm looking to create some kind of class or library that will manage multiple SSL certificates in a live web API scenario. It should be able to enumerate a cert store to find at least two SSL certs and then work out which one to use at any given time. The basic premise is that the API should be able to support more than one SSL certificate. So when it comes time to renew an SSL certificate you can simply let the API know there is another one (via config) and when the web service switches to the new server certs, it will recognise that and automatically switch to using the new corresponding client one. Is there anything in .NET that already does that or has one been created already by a third party? Regards,
Jammer My Blog | [Articles](http://www.codeproject.com/script/Articles /MemberArticles.aspx?amid=4664921) | DMon | SampleSort
This sounds suspiciously like an issue for your webserver, not an application. Because it sounds like you are trying to use 1 certificate for multiple websites, hosted on a single IP. If this is indeed what you are trying to do, it doesn't really have anything to do with .NET, instead it has to do with your hosting software. IIS does support this, Apache (last I checked) will not. Is this indeed what you are trying to do?
-
This sounds suspiciously like an issue for your webserver, not an application. Because it sounds like you are trying to use 1 certificate for multiple websites, hosted on a single IP. If this is indeed what you are trying to do, it doesn't really have anything to do with .NET, instead it has to do with your hosting software. IIS does support this, Apache (last I checked) will not. Is this indeed what you are trying to do?
Hi Alaric, Basically the API is used in a web site and is configured using a config file to identify the correct SSL certificate to use. I was thinking of making the API support two certs so when there is a switch over and the certs are renewed the API could work that out and start using the new certificate when required. What is the best way to manage this SSL switch over process with least downtime in the services or the web sites / API? Cheers,
Jammer My Blog | [Articles](http://www.codeproject.com/script/Articles /MemberArticles.aspx?amid=4664921) | DMon | SampleSort