SSL, but not via a web server

TimWallace

I have an application that basically acts as a web server (it's more involved then that, but this gets the point across). I am putting the code in place to use SSL to secure the stream. I need to test this on my local PC, so of course I need a test cert. Try as I might, I cannot get makecert.exe create a certificate that will let me export it to a file as an X.509 certificate for use in my code (e.g. X509Certificate.CreateFromCertFile()). Can anyone point me toward a good tutorial on the whole process of doing this, please?

Rob Smiley

You need 2 or 3 files to implement this - .cer for the public key, .pvk for the private key and optionally (recommended) a .pfx for the combined certificate store key. This is the sequence i've used before to generate all the bits: makecert -n "CN=My Secure Key" -sv "MyKey.pvk" MyKey.cer cert2spc "MyKey.cer" "MyKey.spc" pvk2pfx -pvk "MyKey.pvk" -pi KeyPassword -spc "MyKey.spc" -pfx "MyKey.pfx" -f Once you have the files, embed the .cer in the 'public' past of your code, Install the .pfx in the server certificate store. Load the .cer with X509Certificate2 & find the private key in X509Store, e.g.

_publicCert = New X509Certificate2()
_publicCert.Import(My.Resources.PublicKeyCer)

Dim certStore As X509Store = New X509Store()
certStore.Open(OpenFlags.ReadOnly)

For Each installObj As X509Certificate2 In certStore.Certificates.Find(X509FindType.FindByThumbprint, _publicCert.Thumbprint, False)

Next

Hope this helps, Rob

"An eye for an eye only ends up making the whole world blind"