> i described the procedure
>
> here:
> http://www.leastprivilege.com/PermaLink.aspx?guid=f34680fd-a58d-43a7-ba6d-2d813814ee73
> and here:
> http://www.leastprivilege.com/PermaLink.aspx?guid=6b5d5471-0710-41d7-891b-308afa959a6e

> You need to install the private key into the CAPI keystore. If you have a
> p12 or pfx file with the certificate and private key, you can use that to
> import them into the key store.

> Windows doesn't let you read private keys directly off the file system
> like that. It wants to use the CAPI store. When you specify a
> certificate to use, it simply uses that as a key to look up that
> certificate in the CAPI store and find the associated private key.

"Jakob Nielsen" <a@b.c> wrote in message
news:u%231x$5fYFHA.3032@TK2MSFTNGP10.phx.gbl...
> Using net 2.0
>
> I try creating a sslStream from a regular networkstream as folows
>
> Socket clientSocket = serverSocket.EndAccept(result);
> clientSocket.Blocking = true;
> Stream clientStream = new NetworkStream(clientSocket);
> SslStream sslStream = new SslStream(clientStream);
> X509Certificate cert =
> X509Certificate.CreateFromCertFile(@"c:\mycertificate.crt");
> sslStream.AuthenticateAsServer(cert);
>
> The call to AuthenticateAsServer fails with "The server mode SSL must use
> a
> certificate with the associated private key"
>
> What exactly should I put into that message? It needs another kind of
> certificate with the private key embedded?
> I do have a keyfile on the side with one of my certificates, but I can not
> specify it anywhere.
> Another certificate , I am testing with, is from rapidSSL a CA so I assume
> it should be "right".
>
> Has someone else tried setting up a sslStream as server?
>
> Should i somehow put my private key into my certificate? I read somewhere
> that you could concatenate the two files, but that didnt resolve the
> problem.
>
>

> Using net 2.0
>
> I try creating a sslStream from a regular networkstream as folows
>
> Socket clientSocket = serverSocket.EndAccept(result);
> clientSocket.Blocking = true;
> Stream clientStream = new NetworkStream(clientSocket);
> SslStream sslStream = new SslStream(clientStream);
> X509Certificate cert =
> X509Certificate.CreateFromCertFile(@"c:\mycertificate.crt");
> sslStream.AuthenticateAsServer(cert);
> The call to AuthenticateAsServer fails with "The server mode SSL must
> use a certificate with the associated private key"
>
> What exactly should I put into that message? It needs another kind of
> certificate with the private key embedded?
> I do have a keyfile on the side with one of my certificates, but I can
> not
> specify it anywhere.
> Another certificate , I am testing with, is from rapidSSL a CA so I
> assume
> it should be "right".
> Has someone else tried setting up a sslStream as server?
>
> Should i somehow put my private key into my certificate? I read
> somewhere that you could concatenate the two files, but that didnt
> resolve the problem.
>

"Jakob Nielsen" <a@b.c> wrote in message
news:uwnDOGhYFHA.4024@TK2MSFTNGP10.phx.gbl...
>> You need to install the private key into the CAPI keystore. If you have
>> a p12 or pfx file with the certificate and private key, you can use that
>> to import them into the key store.
>
> I have a *.crt file and one called *.key
>
> The keyfile starts with
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,48DCE18A11B80350
>
> and the crt starts with
> -----BEGIN CERTIFICATE-----
>
> Perhaps someone can tell me if those are usable and how to import them. I
> can install the crt file, but I can not specify the private key and it
> doesnt seem to load it automatically simply because there is a key file at
> same location.
>
>> Windows doesn't let you read private keys directly off the file system
>> like that. It wants to use the CAPI store. When you specify a
>> certificate to use, it simply uses that as a key to look up that
>> certificate in the CAPI store and find the associated private key.
>
> Ok, that was my first mistake. I thought that by giving a filename, the
> certificate would be loaded from there..
>
> If the certificates, that I have, are invalid for my purpose then how can
> I easily get a usable certificate?
> Thanks for your response. Have been fighting with this for a while now :-/
>

> Your English is very good. It is both. :)

>I guess I'm just not sure of what exactly it is you are doing. If your
>goal is to have a WinForms app communicate with a web server
>programmatically, .NET includes a System.Net.HttpWebRequest class that you
>can use for doing programmatic HTTP protocol stuff, including SSL.

> If your goal is to implement a custom HTTP Server, then it seems like it
> would be easiest to using the built in model in ASP.NET and use its
> extensibility mechanisms to implement your own HTTP handlers.
>
> However, if you really want raw stream based data that is SSL encrypted,
> then SslStream is probably the way to go. It really depends on the
> problem you are trying to solve and the level of abstraction you want.

> Glad you are making progress anyway.

> Actually, I think for what you are doing, it probably makes sense. You
> would need to be using IIS to host ASP.NET which it doesn't sound like you
> want to do.

> I believe there is another model though that might be easier than using
> raw TCP. In .NET 2.0, I believe there is a new HttpListener class that
> interfaces directly with HTTP.SYS. This only works on Win2K3 and XP SP2
> so far (as they are the only ones with the required driver), but it might
> give you a higher level of abstraction.

> It looks like that is all I need. I will try it out first thing tomorrow

> This is something I have no idea on. Sorry.

> It sounds like you are trying to implement your own web server. Wouldn't
> it be easier to implement this using ASP.NET instead (write a custom
> IHttpHandler or something)?

"Jakob Nielsen" <a@b.c> wrote in message
news:O2Y9DosYFHA.3164@TK2MSFTNGP09.phx.gbl...
>> It looks like that is all I need. I will try it out first thing tomorrow
>
> Ok, now i tried it, and it works. I can make a server and client and have
> them talk encrypted.
>
> I wanted ssl in order to let a web browser connect through https to my
> application which aced as a heet server.
> Now a browser can connect, warn me about the encryption, display the
> certiciate and aparently negotiate ssl in place.
> It seems that data sent from the browser to me is getting lost. The
> sslstream's reader allways show an empty stream, though I would expect the
> browser to send a GET command.
>
> Since I can make a client and server pair which can communicate, the
> problem seems to be related to the browser and .net ssl. Perhaps there are
> some incompatabilities related to that specific setup, that I don't know
> about?
>
>

"Jakob Nielsen" <a@b.c> wrote in message
news:%23086amtYFHA.132@TK2MSFTNGP10.phx.gbl...
>> This is something I have no idea on. Sorry.
>
> No, I am sorry. It seems the problem was somewhere else. With a minimal
> test, I could get data through. I will just have to debug a bit more.
>
>> It sounds like you are trying to implement your own web server. Wouldn't
>> it be easier to implement this using ASP.NET instead (write a custom
>> IHttpHandler or something)?
>
> Perhaps it would. I am still fairly new to .net, så there are a lot of
> clases which I don't know about. It is not a webserver as such though. It
> is a system which provides a web interface as well as one with winforms.
>
> Asp is running from a webserver is it not? Can I use bits and pieces of
> asp in a winforms application to create a basic http-server?
>

"Jakob Nielsen" <a@b.c> wrote in message
news:%23oZPgZuYFHA.2508@TK2MSFTNGP15.phx.gbl...
> >I guess I'm just not sure of what exactly it is you are doing. If your
> >goal is to have a WinForms app communicate with a web server
> >programmatically, .NET includes a System.Net.HttpWebRequest class that
> >you can use for doing programmatic HTTP protocol stuff, including SSL.
>
>> If your goal is to implement a custom HTTP Server, then it seems like it
>> would be easiest to using the built in model in ASP.NET and use its
>> extensibility mechanisms to implement your own HTTP handlers.
>>
>> However, if you really want raw stream based data that is SSL encrypted,
>> then SslStream is probably the way to go. It really depends on the
>> problem you are trying to solve and the level of abstraction you want.
>
> I have an application which is a normal winforms app. It acts as a
> backupserver and for that I want it to communitate with clients (that I
> also create) in a secure way. Ssl seems fine. I also want that server app
> to service users through a browser interface, so they can perform simple
> maintanence and status checks from anywhere without the actual backup
> client.
> That is also comunication which should be conficential, so https seems
> lige a good choice.
>
> Currently i have a tcplistener accepting connections on port 80, parsing
> http requests and sending back html formatede text and graphics. I do the
> http and html myself.
>
> Are you saying that I can grab a few classes from asp.net and use them
> here without needing some webserver to run it all? I guess that makes
> sence. The classes in asp.net which can read a http header and generate
> one, should work no matter where you run them.
>
>> Glad you are making progress anyway.
>
> Thanks. *singing* We all get byyyyy with a little help from our groups
> :-)
>

"Jakob Nielsen" <a@b.c> wrote in message
news:%239dKTkvYFHA.3280@TK2MSFTNGP09.phx.gbl...
> Thanks for the tip..... hm.. is a tip in english the money you pay at
> restaurants and so on, or are they allså pointers as in danish? Hmm...oh
> well.. thanks anyway :-)
>