tags:

views:

450

answers:

2
+1  Q: 

Can't connect to HTTPS using X509 client certificate

Hi - I'm new to cryptography and I'm a bit stuck:

I'm trying to connect (from my development environment) to a web service using HTTPS. The web service requires a client certificate - which I think I've installed correctly.

They have supplied me with a .PFX file. In Windows 7, I double clicked the file to install it into my Current User - Personal certificate store.

I then exported a X509 Base-64 encoded .cer file from the certificate entry in the store. It didn't have a private key associate with it.

Then, in my app, I'm attempting to connect to the service like this:

var certificate = X509Certificate.CreateFromCertFile("xyz.cer"));
var serviceUrl = "https://xyz";
var request = (HttpWebRequest) WebRequest.Create(serviceUrl);
request.ClientCertificates.Add(certificate);
request.Method = WebRequestMethods.Http.Post;
request.ContentType = "application/x-www-form-urlencoded";

I get a 502 Connection failed when I connect.

Is there anything you can see wrong with this method? Our production environment seems to work with a similar configuration, but it's running Windows Server 2003.

Thanks!

+1  A: 

The underlying problem is that you are only giving your program access to the certificate. To perform authentication, it needs access to the private key too.

A correctly instantiated X509Certificate2 can carry the private key, and should be passed to ClientCertificates.Add() method. I believe the Import() method can accept a .pfx file as input; the exported .cer file lacks the private key and isn't useful for client authentication.

erickson  2010-05-24 23:48:22
So the web service will require that I send a private key to authenticate?
wows  2010-05-24 23:52:33
The private key isn't actually sent to the server; it is used to digitally sign some data, proving to the server that the client holds the private key without actually disclosing it.
erickson  2010-05-24 23:57:34
Ok thanks, I'll give this a shot
wows  2010-05-25 02:29:45
A: 

Take a look at this and verify that your error is due to a certificate - is the server sending back more details on the problem? http://stackoverflow.com/questions/2159361/error-502-bad-gateway-when-sending-a-request-with-httpwebrequest-over-ssl

ebpower  2010-05-25 00:43:45
I basically get a "System.IO.IOException : Received an unexpected EOF or 0 bytes from the transport stream." I take this to mean the connection was just closed by the host - not even giving me a response :(
wows  2010-05-25 01:34:12
This guy had a similar issue but it was a security protocol issue: http://stackoverflow.com/questions/853896/implement-a-c-client-that-uses-webservices-over-ssl
ebpower  2010-05-25 16:10:14

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?