I have a situation where I need to generate SSL certificates for clients using SslStream as a server.

I know how to do that (makecert.exe), but I run into a problem when trying to ensure that both sides of the connection are authenticated.

Basically, if I use a self-signed cert, I need to add it to the trusted roots to get mutual authentication to work. I would rather avoid that if I can. I know that I can purchase an SSL certificate, but my situation is that I need to create a different certificate for each client, so buying a certificate for each client is out of the question.

Is there a way to avoid that? Maybe some certificate that I can buy that I can use to generate more certificates? As you can probably tell, I am pretty clueless about SSL in general.

A: 

I'm not sure if this can help you?

http://www.tc.umn.edu/~brams006/selfsign.html

Tony
I can do that; that is not the issue. The problem is that in order to make this work I need to modify the Trusted Roots. I would rather avoid that if this is possible, which is why I asked if there is some way to buy a CA cert. Google isn't helpful here, I am afraid.
Ayende Rahien
IMHO I don't think you can buy one cert and then create other certs, otherwise that would defeat the purpose of an SSL cert. It is supposed to 'authenticate' the validity of something. You see what I mean?
Tony
+1  A: 

The short answer is no, you can't do that. That is yet another reason why client certificates are not popular. You can provide a relatively painless install script for your users to run on their machines to install your homegrown CA certificate, but it still requires user intervention on every client that will connect to your server. Not pretty at all. Are you sure you cannot use usernames and passwords?

GregS
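GregS's install script puts the homegrown CA into every client's Trusted Root store. For the server side of the question there is a narrower option: the server can decide for itself which CA it trusts, inside the SslStream validation callback, without touching the Windows root store on the server at all. The example below is added here and is not code from the question or either answer. It assumes a private CA certificate in myca.cer, a server certificate with private key in server.pfx issued by that CA, and client certificates (for example made with makecert) issued by the same CA; the file names, PFX password and port 8443 are placeholders.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Added example, not from the original post. Paths, password and port are assumptions.
static class MutualTlsServer
{
    // The private CA whose certificates we accept. It is NOT installed in any store.
    static readonly X509Certificate2 PrivateCa = new X509Certificate2("myca.cer");

    // RemoteCertificateValidationCallback: SslStream calls this with the client's
    // certificate. We ignore the pre-built chain and sslPolicyErrors (they reflect the
    // machine's root store, which does not contain our CA) and rebuild the chain with
    // our own policy.
    static bool ValidateClient(object sender, X509Certificate certificate,
        X509Chain ignoredChain, SslPolicyErrors ignoredErrors)
    {
        if (certificate == null)
            return false; // client presented no certificate at all

        var clientCert = new X509Certificate2(certificate);
        var chain = new X509Chain();
        // Make the CA available to the chain engine without installing it anywhere.
        chain.ChainPolicy.ExtraStore.Add(PrivateCa);
        // Let Build() succeed even though the root is not in the Trusted Root store;
        // we verify the root ourselves below instead of letting Windows do it.
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        // Assumption: the private CA publishes no CRL, so revocation is not checked.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

        if (!chain.Build(clientCert))
            return false;

        // UntrustedRoot is expected (our CA is not in the machine store). Anything
        // else (expired, bad signature, partial chain, wrong usage) is a real failure.
        foreach (X509ChainStatus status in chain.ChainStatus)
            if (status.Status != X509ChainStatusFlags.UntrustedRoot)
                return false;

        // Pin the chain's root to our CA. A self-signed client cert or a cert from
        // any other CA ends in a different root and is rejected here.
        X509Certificate2 root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return string.Equals(root.Thumbprint, PrivateCa.Thumbprint,
            StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        var serverCert = new X509Certificate2("server.pfx", "pfx-password");
        var listener = new TcpListener(IPAddress.Loopback, 8443);
        listener.Start();
        Console.WriteLine("listening on 127.0.0.1:8443");

        while (true)
        {
            using (TcpClient client = listener.AcceptTcpClient())
            using (var ssl = new SslStream(client.GetStream(), false, ValidateClient))
            {
                try
                {
                    // clientCertificateRequired = true makes SslStream ask the client
                    // for a certificate and run ValidateClient before the handshake
                    // completes; a rejected certificate throws AuthenticationException.
                    ssl.AuthenticateAsServer(serverCert, true, SslProtocols.Tls12, false);

                    var who = ssl.RemoteCertificate as X509Certificate2;
                    Console.WriteLine("authenticated client: " + (who == null ? "(none)" : who.Subject));
                    Console.WriteLine("client said: " + new StreamReader(ssl).ReadLine());
                }
                catch (AuthenticationException e)
                {
                    Console.WriteLine("client rejected: " + e.Message);
                }
            }
        }
    }
}
```

Two caveats. First, this only moves the trust decision on the server; the client still has to trust the server certificate when it calls AuthenticateAsClient, and it can do so the same way, with its own validation callback pinned to the CA, rather than by editing its Trusted Root store. Second, the loop over ChainStatus is what makes the pin safe: without it, AllowUnknownCertificateAuthority would also let an expired or mis-signed certificate through as long as the thumbprint matched. On .NET 5 and later the same intent is expressed more directly with ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust and ChainPolicy.CustomTrustStore, which makes the explicit root pin unnecessary.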