I have made a Silverlight 3.0 application, which communicates with an XML-RPC server over HTTPS. The whole application will run in a LAN environment where the server can be installed on different machines and the client will be on the same machine. I am using a self-signed certificate which is generated against the IP of the server, and I need to put it in Trusted Root Certification Authorities on the client machine. But if I want to communicate with a second server, then another certificate needs to be installed on the client machine against the IP of that specific server. In short, I need to install n certificates on the client if I want to communicate with n different servers, which is impossible for me. How can I do it with a single certificate over a LAN environment? Certificates are generated against the IP or host name of the server; is there any way to bypass the validation of the SSL certificate? Like

using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Register a callback that the HTTPS stack consults for every server certificate it receives.
ServicePointManager.ServerCertificateValidationCallback = MyCertHandler;

static bool MyCertHandler(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors error)
{
    // Ignore errors: accept every certificate regardless of the validation result
    return true;
}

But the above code can't be used in Silverlight. Any help?

A: 

Don't use a self-signed certificate, and if you can ignore authentication, then there is no good reason to use SSL.

For avoiding Self Signed Certs: Set up a personal CA (extremely easy to do with Microsoft's CA). Then issue the server certificates from your own CA and give the CA's certificate to each of the servers as the trusted root. Then you end up with a setup like:

Cert Chains:

  • A signed B
  • A signed C
  • A signed D
  • A signed E

Deployment:

  • Server B gets A and B
  • Server C gets A and C
  • Server D gets A and D
  • Server E gets A and E

Then a client connecting into any of these servers can match the common name against the address it connected to, the valid date range against its own now time, and build a chain for validation to "CA Cert A" for every server.

(here is a random starting link for setting up your own CA server.) link text

If you try to use self-signed certificates you will end up with:

Cert Chains:

  • B signed B
  • C signed C
  • D signed D
  • E signed E

Cert Deployment:

  • Server B gets B, C, D, E
  • Server C gets B, C, D, E
  • Server D gets B, C, D, E
  • Server E gets B, C, D, E

Wayne Weeks
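As an added example (not code from the question or the answer above), this is the question's callback rewritten for full .NET so that, instead of returning true, it accepts only certificates whose chain ends at the private CA "A" from the answer, with the name and date checks the answer describes; the path to A's certificate is an assumption, and, as the question notes, Silverlight's own HTTP stack does not expose this callback, so there the CA certificate goes into the client's trust store instead.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PrivateCaValidator
{
    // Hypothetical location of CA A's public certificate on the client (assumption).
    private static readonly X509Certificate2 CaA =
        new X509Certificate2(@"C:\certs\ca-a.cer");

    // Install with: ServicePointManager.ServerCertificateValidationCallback = PrivateCaValidator.ValidateAgainstCaA;
    public static bool ValidateAgainstCaA(object sender,
        X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
    {
        if (certificate == null) return false;

        // The framework already compared the common name with the address we dialled;
        // a mismatch is never acceptable, whoever issued the certificate.
        if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) return false;
        if ((errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0) return false;

        var cert = new X509Certificate2(certificate);
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter) return false;

        // Build our own chain with CA A offered as an extra store. A is not in the
        // machine's trusted roots, so "UntrustedRoot" is the only status we tolerate,
        // and only when the root the chain ended on really is A.
        var privateChain = new X509Chain();
        privateChain.ChainPolicy.ExtraStore.Add(CaA);
        privateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        privateChain.ChainPolicy.VerificationFlags =
            X509VerificationFlags.AllowUnknownCertificateAuthority;
        privateChain.Build(cert);

        foreach (X509ChainStatus status in privateChain.ChainStatus)
        {
            if (status.Status != X509ChainStatusFlags.NoError &&
                status.Status != X509ChainStatusFlags.UntrustedRoot)
                return false;
        }

        // The last chain element is the root that was reached; it must be CA A itself.
        X509Certificate2 root =
            privateChain.ChainElements[privateChain.ChainElements.Count - 1].Certificate;
        return root.Thumbprint == CaA.Thumbprint;
    }
}
```

Each server B, C, D, E then needs only its own certificate issued by A, and the client needs only A's certificate, which is the single-certificate deployment the question asks for.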