SSLStream example - how do I get certificates that work?

Front-end · Unresolved · 3 answers · 1596 views
[愿得一人] 2020-12-02 09:10

I'm using the SSLStream example from MSDN here. The client code "seems" to work fine, as I can connect to Google and it at least gets past authentication, but the server

3 answers
  •  伪装坚强ぢ
    2020-12-02 09:30

    Generate your certificate using this command:

    makecert -r -pe -n "CN=localhost" -m 12 -sky CertSubject -ss my serverCert.cer
    

    and then, from the client, connect to the server like this (assuming we are using the MSDN example you mentioned):

    SslTcpClient.RunClient ("localhost", "CertSubject");
    

    You will get validation errors in the ValidateServerCertificate() call, but that's expected: you are using a self-signed certificate. Just return true there.

    UPDATE:

    I disagree with Tung's suggestion of adding the self-signed certificate to the client's Trusted Root Certification Authorities. I think it can cause issues later on if you plan to distribute/support your software. For example, a client might reinstall Windows, or move their profile to another PC, or whatever, and understanding WHY your software suddenly stopped working will be a pain (again, I'm talking long-term: a year or two from now, when you have completely forgotten this little "trick").

    Instead, I would suggest "hardcoding" your certificate (by comparing subject and thumbprint) in the client's logic, something like this:

    // Inside the MSDN sample's callback (needs System.Security.Cryptography.X509Certificates):
    // bool ValidateServerCertificate(object sender, X509Certificate cert,
    //                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    X509Certificate2 certificate = new X509Certificate2(cert);
    // Thumbprint is the SHA-1 hash of the certificate, in upper-case hex; compare case-insensitively.
    if (certificate.Subject.StartsWith("CN=FAKE_SERVER_WHATEVER") &&
        !string.IsNullOrEmpty(certificate.Thumbprint) &&
        string.Equals(certificate.Thumbprint, "11c4446c572a9918ced3618728b91b3a07982787",
                      StringComparison.OrdinalIgnoreCase))
    {
         return true;
    }
    return false;
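
A fuller version of the pinning approach above, added here as an example; it is not part of the answer, the question, or the MSDN sample. It generates two self-signed CN=localhost certificates in memory (the in-code equivalent of the makecert command), runs an SslStream echo server on a loopback port, and connects a client whose validation callback pins the hash of the expected certificate instead of returning true. The second connection, against a different certificate with the same subject, shows the pin doing its job. The class and method names (PinnedSslStreamDemo, MakeSelfSigned, Pin, PinnedTo, ServeOnce, ConnectAndEcho) and the .NET 6 or later requirement are assumptions of this example.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

// Added example (not from the question, the answer or the MSDN sample). Requires .NET 6+.
static class PinnedSslStreamDemo
{
    // In-process equivalent of the makecert command: self-signed CN=localhost,
    // serverAuth EKU, private key attached. The PFX round-trip gives the key a
    // form SChannel on Windows can use; on Linux/macOS it is harmless.
    static X509Certificate2 MakeSelfSigned()
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=localhost", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, critical: false)); // id-kp-serverAuth
        using X509Certificate2 ephemeral = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1));
        return new X509Certificate2(ephemeral.Export(X509ContentType.Pfx, "pw"), "pw",
            X509KeyStorageFlags.Exportable);
    }

    // The pin: SHA-256 over the DER-encoded certificate. cert.Thumbprint (SHA-1)
    // would work the same way; SHA-256 is simply the better choice today.
    static string Pin(X509Certificate2 cert) => cert.GetCertHashString(HashAlgorithmName.SHA256);

    // Client-side callback. sslPolicyErrors is ignored on purpose: a self-signed
    // certificate always reports RemoteCertificateChainErrors, and the pin, not
    // the chain, decides trust. A bare "return true" would accept any certificate.
    static RemoteCertificateValidationCallback PinnedTo(string expectedPin) =>
        (sender, cert, chain, sslPolicyErrors) =>
        {
            if (cert is null) return false;
            var c = new X509Certificate2(cert);
            return c.Subject == "CN=localhost"
                && string.Equals(Pin(c), expectedPin, StringComparison.OrdinalIgnoreCase);
        };

    // Accept one TLS connection and echo the first message back.
    static async Task ServeOnce(TcpListener listener, X509Certificate2 serverCert)
    {
        try
        {
            using TcpClient peer = await listener.AcceptTcpClientAsync();
            using var ssl = new SslStream(peer.GetStream(), leaveInnerStreamOpen: false);
            await ssl.AuthenticateAsServerAsync(serverCert);
            var buf = new byte[256];
            int n = await ssl.ReadAsync(buf, 0, buf.Length);
            await ssl.WriteAsync(buf, 0, n);
        }
        catch (Exception) { /* the client tore the handshake down; expected in run 2 */ }
    }

    static async Task<string> ConnectAndEcho(int port, RemoteCertificateValidationCallback cb)
    {
        using var tcp = new TcpClient();
        await tcp.ConnectAsync(IPAddress.Loopback, port);
        using var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false, cb);
        // Throws AuthenticationException when cb returns false.
        await ssl.AuthenticateAsClientAsync("localhost");
        byte[] msg = Encoding.UTF8.GetBytes("hello over TLS");
        await ssl.WriteAsync(msg, 0, msg.Length);
        var buf = new byte[256];
        int n = await ssl.ReadAsync(buf, 0, buf.Length);
        return Encoding.UTF8.GetString(buf, 0, n);
    }

    static async Task Main()
    {
        X509Certificate2 trusted = MakeSelfSigned();
        X509Certificate2 impostor = MakeSelfSigned(); // same subject, different key
        string pin = Pin(trusted);
        Console.WriteLine($"pinned SHA-256: {pin}");

        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;

        // Run 1: the server presents the pinned certificate; the handshake succeeds.
        Task server = ServeOnce(listener, trusted);
        Console.WriteLine("echo: " + await ConnectAndEcho(port, PinnedTo(pin)));
        await server;

        // Run 2: same CN=localhost subject, different key; the pin rejects it.
        server = ServeOnce(listener, impostor);
        try { await ConnectAndEcho(port, PinnedTo(pin)); Console.WriteLine("BUG: impostor accepted"); }
        catch (AuthenticationException e) { Console.WriteLine("impostor rejected: " + e.Message); }
        await server;
        listener.Stop();
    }
}
```

Run it with `dotnet run` in a console project. The first connection echoes the message; the second fails inside AuthenticateAsClientAsync with an AuthenticationException, which is exactly the case a callback that just returns true would let through. Two practical caveats: a pin is tied to one certificate, so the client must be updated when the server certificate is renewed, and the target host passed to AuthenticateAsClientAsync ("localhost" here) should match the subject you check in the callback so that the two checks cannot drift apart.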
    
