views: 18, answers: 0

Hello,

I have a client and server application which use SSLStream to communicate over port 80. Both the client and the server are running as Windows Services.

Everything works in my test environment (my development computer, under the OS Windows 7 Ultimate). My problem is that when I go to deploy the client and server application to their deployment environments (the server being on Windows Server 2008, and the client being on Windows Server 2003) it does not work, and I get the error: "The client and server cannot communicate, because they do not possess a common algorithm". Please note that I have installed the same certificate using the makecert commands (listed in the "Firstly" section below).

In addition, when I gave up on trying to get the client to authenticate under the Windows Server 2003 computer, I moved it to a completely new/different Windows Server 2008 computer, and then got a new error along the lines of "credentials supplied to package not recognized."

If you have any experience with this issue, please advise. I have been working on this for the past 3 days and have burnt up over 20 hours of development time. Please remember, the problem keeps happening when the Server and Client attempt to authenticate.

Firstly, I used the following commands via makecert.exe to generate self-signed (?) X509 Certificates:

- makecert -n "CN=Transcert" -r -sv Transcert.pvk Transcert.cer
- makecert -sk Transcert -iv Transcert.pvk -n "CN=Transcert" -ic Transcert.cer Transcert.cer -sr LocalMachine -ss Root 

(Please note, I used the Store Location 'LocalMachine' because it is my understanding that Windows Services use this Store location through the LocalSystem account; I may be wrong?)

Secondly, on the server, I retrieve the certificate from the store with the following code:

// requires: using System.Security.Cryptography.X509Certificates;
X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
// Find returns an X509Certificate2Collection; keeping that type makes HasPrivateKey available on the result
X509Certificate2Collection cert = store.Certificates.Find(X509FindType.FindBySubjectName, "Transcert", false);
store.Close();
if (cert.Count > 0)
{
  return cert[0];
}
return null; // no matching certificate found (the original fragment had no return on this path)

Thirdly, on the server, I start listening for TCP clients on port 80:

public virtual void StartListening()
{
  // TcpListener(int) is obsolete; bind explicitly to all interfaces on HostPort
  sslServer = new TcpListener(IPAddress.Any, HostPort);

  sslServer.Start();

  AcceptClientThread = new Thread(new ThreadStart(AcceptClientThread_Run));
  AcceptClientThread.IsBackground = true;
  AcceptClientThread.Start();
}

private void AcceptClientThread_Run()
{
  // Loop instead of recursing: the original method called itself after every
  // accept, so each connection added a stack frame that was never released.
  while (true)
  {
    try
    {
      TcpClient client = sslServer.AcceptTcpClient();

      ProcessNewClient(client);
    }
    catch (Exception ex)
    {
      // Log rather than swallow; a silent catch here hides the TLS handshake error.
      Console.Error.WriteLine(ex);
    }
  }
}

Fourthly, on the server, I prepare the code to process when a client connects:

  // requires: using System.Net.Security; using System.Security.Authentication;
  SslClient = pSslClient;
  SSLCertificate = pSSLCertificate;

  _SslStream = new SslStream(SslClient.GetStream());
  // arguments: serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation
  // SslProtocols.Tls means TLS 1.0 only; the certificate passed here must carry its private key
  _SslStream.AuthenticateAsServer(SSLCertificate, false, SslProtocols.Tls, false);

  Output = new StreamWriter(_SslStream);
  Output.AutoFlush = true;
  Input = new StreamReader(_SslStream);

  ReadThread = new Thread(new ThreadStart(ReadIncomingData));
  ReadThread.Start();

Finally, on the client, I prepare the code for connecting the client to the server:

    // ServicePointManager.SecurityProtocol is not read by SslStream; the protocol set
    // for this connection comes from the AuthenticateAsClient overload that takes SslProtocols.
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Ssl3;

    sslClient = new TcpClient();
    sslClient.Connect(HostAddress, HostPort);

    //ServicePointManager.ServerCertificateValidationCallback = delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };

    // CertificateValidationCallback is defined elsewhere in the client (not shown in this post)
    sslStream = new SslStream(sslClient.GetStream(), false, new RemoteCertificateValidationCallback(CertificateValidationCallback));
    // targetHost must match the certificate subject "CN=Transcert"; the original line had the typo "Trancert"
    sslStream.AuthenticateAsClient("Transcert");

    showSslInfo(HostAddress, sslStream, true);

-- Above is everything I have available in relation to this problem --
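As an added example (not code from the original post), the following is a complete, minimal SslStream server and client pair on the loopback interface that covers the five steps above end to end. It differs from the post in three places a practitioner would want to see: the server-side lookup only accepts a "Transcert" certificate that actually carries a private key (AuthenticateAsServer cannot work without one, and checking first yields a clear message instead of a generic Schannel failure); the client validation callback pins the expected self-signed certificate's thumbprint rather than returning true for every error; and the protocol is passed explicitly on both sides. Assumptions: port 8443 instead of the post's 80, TLS 1.2 (SslProtocols.Tls12, available from .NET 4.5; the post's older platforms would need SslProtocols.Tls), and a placeholder thumbprint constant that must be replaced with the real value of the deployed certificate.

```csharp
// Added example, not from the original post. Assumed: port 8443, TLS 1.2,
// subject name "Transcert" from the post, and a placeholder thumbprint.
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading;

static class SslDemo
{
    const int Port = 8443;                                                   // assumption; the post uses 80
    const string ExpectedThumbprint = "REPLACE_WITH_THUMBPRINT_OF_TRANSCERT"; // placeholder, not a real value

    // Load the server certificate and require an accessible private key.
    static X509Certificate2 LoadServerCertificate()
    {
        var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindBySubjectName, "Transcert", false);
            foreach (X509Certificate2 c in found)
            {
                if (c.HasPrivateKey)
                    return c;
            }
            throw new InvalidOperationException(
                "No 'Transcert' certificate with an accessible private key in LocalMachine\\Root; " +
                "check the service account's permission on the key container");
        }
        finally
        {
            store.Close();
        }
    }

    // Client-side validation for a self-signed certificate: pin the thumbprint
    // instead of accepting every certificate.
    static bool ValidateServerCertificate(object sender, X509Certificate certificate,
                                          X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;
        var cert2 = new X509Certificate2(certificate);
        bool pinned = string.Equals(cert2.Thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase);
        if (!pinned)
            Console.Error.WriteLine("Rejected server certificate {0}: {1}", cert2.Subject, errors);
        return pinned;
    }

    // Accept one client, complete the TLS handshake as the server, echo one line.
    static void RunServer(X509Certificate2 serverCert, TcpListener listener)
    {
        using (TcpClient client = listener.AcceptTcpClient())
        using (var ssl = new SslStream(client.GetStream(), false))
        {
            // arguments: certificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation
            ssl.AuthenticateAsServer(serverCert, false, SslProtocols.Tls12, false);
            var reader = new StreamReader(ssl);
            var writer = new StreamWriter(ssl) { AutoFlush = true };
            string line = reader.ReadLine();
            writer.WriteLine("echo: " + line);
        }
    }

    static void Main()
    {
        X509Certificate2 serverCert = LoadServerCertificate();
        var listener = new TcpListener(IPAddress.Loopback, Port);
        listener.Start();
        var serverThread = new Thread(() => RunServer(serverCert, listener)) { IsBackground = true };
        serverThread.Start();

        using (var client = new TcpClient("127.0.0.1", Port))
        using (var ssl = new SslStream(client.GetStream(), false, ValidateServerCertificate))
        {
            // targetHost must match the certificate subject CN
            ssl.AuthenticateAsClient("Transcert", new X509CertificateCollection(), SslProtocols.Tls12, false);
            Console.WriteLine("Negotiated {0}, cipher {1} ({2}-bit)",
                              ssl.SslProtocol, ssl.CipherAlgorithm, ssl.CipherStrength);
            var writer = new StreamWriter(ssl) { AutoFlush = true };
            var reader = new StreamReader(ssl);
            writer.WriteLine("hello over TLS");
            Console.WriteLine(reader.ReadLine());
        }
        serverThread.Join();
        listener.Stop();
    }
}
```

Running it under the same account the Windows Service uses shows whether that account can reach the private key: the exception from LoadServerCertificate is raised before any handshake, so a key-permission problem is separated from a protocol or cipher mismatch, which would instead surface from AuthenticateAsServer or AuthenticateAsClient with the negotiated-protocol line never printed.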