
Regarding retrieval of server certificate

barathee_raja@yahoo.co.in - 06 Dec 2006 09:46 GMT
Hi,
    I am bharathi, currently working on the .NET platform. In my application
I need to retrieve the certificate stored at the server and to
validate the identity of the server.
    My server is winn.mygdc.com and it's an Apache web server.
    Are there any options available in .NET to attain this?

Please help me regarding this issue.

Thanks in advance

regards
bharathi
Joe Kaplan - 06 Dec 2006 16:42 GMT
Are you using SSL?  It takes care of that for you.  If you want to do
something programmatic involving SSL and HTTP, use the HttpWebRequest class
in .NET to access the Apache server.  If you want to get details of the
server's certificate, you can create an instance of a class that implements
ICertificatePolicy and use the CheckValidationResult to get the server's
certificate during the SSL handshake and check to see if it is valid.

HTH,

Joe K.

Signature

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

barathee_raja@yahoo.co.in - 09 Dec 2006 09:19 GMT
Thanks for your response.
Actually I want to get the certificate stored at the server and to
validate it.
How do I get the certificate in my server? Is there any function?

Please help me regarding this issue...

regards
bharathi

Dominick Baier - 09 Dec 2006 10:10 GMT
As Joe already pointed out - use SSL - that's an easy and standard way to
get a server certificate for validation and authentication.

You even have more control over the whole process by using the SslStream
class in .NET 2.0

All other ways would involve an Apache/OS specific way to transfer the cert
to the client...

-----
Dominick Baier (http://www.leastprivilege.com)

barathee_raja@yahoo.co.in - 11 Dec 2006 04:23 GMT
Thanks for your reply.
Can you please help me with some sample code...

regards
bharathi

Joe Kaplan - 12 Dec 2006 05:40 GMT
What have you tried so far?  Do you want an example with SslStream or with
HttpWebRequest and ICertificatePolicy?  What language?

I think it might be better if you just try one of the samples for SslStream
first to see if you can make any progress with it.

Joe K.

barathee_raja@yahoo.co.in - 15 Dec 2006 08:46 GMT
Thanks Joe,
Can you please help me with code using HttpWebRequest and
ICertificatePolicy?
I have tried with SslStream and got the certificate,
but this is using a TCP stream.
I need to use an HTTP stream, which enables me to pass the request through the
HTTP proxy.

Please help me with sample code.

regards
bharathi

barathee_raja@yahoo.co.in - 15 Dec 2006 08:48 GMT
I am using the following code to get the certificate from the server

Imports System
Imports System.Net.Security
Imports System.Net.Sockets
Imports System.Security.Authentication
Imports System.Security.Cryptography.X509Certificates

Module Module1
    Const ServerName As String = "winn.mygdc.com"

    Sub Main(ByVal args() As String)
        Dim client As New TcpClient()
        Try
            client.Connect(ServerName, 443)
        Catch ex As Exception
            ' Without a connection nothing below can work, so report and stop.
            Console.WriteLine("Connection failed: " & ex.Message)
            Return
        End Try
        Console.WriteLine("Client is connected ")

        ' The callback is invoked during the handshake with the server's certificate.
        Dim sslstream As New SslStream(client.GetStream(), False, _
            New RemoteCertificateValidationCallback(AddressOf ValidateServerCertificate), _
            Nothing)
        Try
            ' The host name passed here is matched against the certificate.
            sslstream.AuthenticateAsClient(ServerName)
        Catch ex As AuthenticationException
            ' The stream is not usable after a failed handshake, so stop here.
            Console.WriteLine("Authentication Failed Closing Connection: " & ex.Message)
            client.Close()
            Return
        End Try

        Dim servercertificate As X509Certificate = sslstream.RemoteCertificate
        Console.WriteLine("Server certificate details...")
        Console.WriteLine(servercertificate.Issuer)
        Console.WriteLine(servercertificate.Subject)
        Console.WriteLine(servercertificate.GetPublicKeyString())
        Console.WriteLine(servercertificate.GetEffectiveDateString())
        Console.WriteLine(servercertificate.GetExpirationDateString())
        Console.WriteLine(servercertificate.GetSerialNumberString())
        Console.WriteLine(servercertificate.GetKeyAlgorithmParametersString())
        Console.WriteLine(servercertificate.GetType())

        ' Take the value of the first component of the subject (normally the CN).
        Dim certsubjectvalues() As String = servercertificate.Subject.Split(","c)
        Dim certname As String = _
            certsubjectvalues(0).Substring(certsubjectvalues(0).IndexOf("=") + 1).Trim()

        If certname.Equals(ServerName) Then
            Console.WriteLine("Trusted certificate")
        Else
            Console.WriteLine("Untrusted certificate")
        End If

        Dim expcerdate As Date = CDate(servercertificate.GetExpirationDateString())
        If Date.Now > expcerdate Then
            Console.WriteLine("certificate expired")
        Else
            Console.WriteLine("certificate is valid")
        End If
        client.Close()
    End Sub

    ' Accept the server certificate only when the framework reported no policy errors.
    Public Function ValidateServerCertificate(ByVal sender As Object, _
            ByVal certificate As X509Certificate, ByVal chain As X509Chain, _
            ByVal policyErrors As SslPolicyErrors) As Boolean
        Return policyErrors = SslPolicyErrors.None
    End Function
End Module

Joe Kaplan - 15 Dec 2006 16:14 GMT
The first thing I would do is create an HttpWebRequest that attempts to
access your server and get the proxies working correctly by configuring the
Proxy property to work the way you need it to in your environment.

Once you can get the HttpWebRequest working and can get a response back,
then you can just add the ICertificatePolicy stuff.  Basically, you just
create a class that implements ICertificatePolicy, create an instance of it
and then set the CertificatePolicy property on the ServicePointManager to
the instance of your class.  Then, your CheckValidationResult method will be
called and the arguments of that function will contain the server
certificate.

You might also be able to get your SslStream approach to work by opening a
socket to the proxy server on the proxy server port, but I've never messed
with proxies at the TCP level before, so I don't know.

Joe K.

barathee_raja@yahoo.co.in - 18 Dec 2006 03:56 GMT
Thanks Joe..
Can you please help me with example code for ICertificatePolicy..

regards
bharathi

Joe Kaplan - 18 Dec 2006 06:27 GMT
I was just checking around with this and there appears to be an even easier
way to do this in .NET 2.0 than implement ICertificatePolicy.  The
ServicePointManager class now has a ServerCertificateVerificationCallback
which is a delegate type.  Just define a method with the same signature as
the delegate and assign it to the ServicePointManager using AddressOf.
Then, your function will be called when a HTTPS connection is established.

Public Function MyCertificateCallback ( _
sender As Object, _
certificate As X509Certificate, _
chain As X509Chain, _
sslPolicyErrors As SslPolicyErrors _
) As Boolean

'do something in here.  Make sure you return True if you want to allow the request.
'Here the request is allowed only when validation reported no errors.
Return sslPolicyErrors = System.Net.Security.SslPolicyErrors.None
End Function

ServicePointManager.ServerCertificateValidationCallback = _
    AddressOf MyCertificateCallback

ICertificatePolicy isn't much more difficult to implement, but it is more
useful to use the new delegate as you get the whole cert chain now and a
strongly typed enum value for any policy errors instead of a number you have
to look up in the Windows API reference.

Joe K.

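The approach discussed in this thread (HttpWebRequest through an HTTP proxy, with the ServicePointManager validation callback capturing the server certificate), written out as an added example that is not code from any poster. The proxy address is a placeholder, the URL is assumed from the host name given in the thread, and the module and function names are hypothetical.

```vbnet
Imports System
Imports System.Net
Imports System.Net.Security
Imports System.Security.Cryptography.X509Certificates

Module CertViaProxyExample
    ' Assumed values: URL built from the host named in the thread; proxy is a placeholder.
    Private Const ServerUrl As String = "https://winn.mygdc.com/"
    Private Const ProxyUrl As String = "http://proxy.example.internal:8080"
    Private capturedCert As X509Certificate2

    ' Called during the HTTPS handshake, also when the request is tunnelled through the proxy.
    Private Function OnValidate(ByVal sender As Object, _
            ByVal certificate As X509Certificate, ByVal chain As X509Chain, _
            ByVal policyErrors As SslPolicyErrors) As Boolean
        If certificate IsNot Nothing Then capturedCert = New X509Certificate2(certificate)
        If policyErrors <> SslPolicyErrors.None AndAlso chain IsNot Nothing Then
            For Each status As X509ChainStatus In chain.ChainStatus
                Console.WriteLine("Chain problem: " & status.StatusInformation.Trim())
            Next
        End If
        ' Keep the framework's verdict: the certificate is recorded, not trusted blindly.
        Return policyErrors = SslPolicyErrors.None
    End Function

    Sub Main()
        ' The callback is process-wide and applies to every HTTPS request made afterwards.
        ServicePointManager.ServerCertificateValidationCallback = _
            AddressOf OnValidate
        Dim request As HttpWebRequest = CType(WebRequest.Create(ServerUrl), HttpWebRequest)
        request.Proxy = New WebProxy(ProxyUrl)
        request.Method = "HEAD"
        Try
            Using response As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse)
                Console.WriteLine("HTTP status: " & CInt(response.StatusCode).ToString())
            End Using
        Catch ex As WebException
            ' A rejected certificate surfaces as WebExceptionStatus.TrustFailure.
            Console.WriteLine("Request failed: " & ex.Status.ToString())
        End Try
        If capturedCert Is Nothing Then
            Console.WriteLine("No certificate was presented (handshake never started).")
            Return
        End If
        Console.WriteLine("Subject:    " & capturedCert.Subject)
        Console.WriteLine("Issuer:     " & capturedCert.Issuer)
        Console.WriteLine("Expires:    " & capturedCert.NotAfter.ToString("u"))
        Console.WriteLine("Thumbprint: " & capturedCert.Thumbprint)
    End Sub
End Module
```

The certificate details are printed even when validation fails, so a rejected certificate can be inspected without the callback ever returning True for it.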
