Using SSL client certificate in WebRequest and WebServices without certificate installation

If you are using .NET Framework 1.0 or 1.1, the certificate must be installed in either the User store or the Machine store. This posting is only valid for v2.0.

In version 2.0 (currently released as Whidbey Beta1), the user has the option of using a certificate that contains the private key without installing it in a certificate store.

In general, storing a certificate as a file instead of installing it in the certificate store is not a recommended practice. In some special cases the user might not have access for certificate installation (e.g. a web hosting site that only allows FTP access to users). In such a case you can store the full certificate file (including the private key) on a share and use it for client-certificate-based SSL authentication.

The System.Security.Cryptography.X509Certificates namespace provides classes for creating an X509CertificateEx instance with private key persistence, as shown below:

// Load the certificate and its private key from a password-protected file instead of a store.
X509CertificateEx Cert = new X509CertificateEx();

Cert.Import(_certificateFileName, _certificatePassword, X509KeyStorageFlags.PersistKeySet);

If you add the X509CertificateEx instance created above to the client certificate collection of an HttpWebRequest or WebService instance, certificate-based authentication works without installing the certificate in the machine's certificate store.
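
The steps above as one program, as an added example that is not code from the original post: it loads the file, refuses a certificate that has no private key or is outside its validity period, and attaches it to an HttpWebRequest. It assumes the released .NET Framework 2.0 class name X509Certificate2 in place of the Beta1 X509CertificateEx and uses the equivalent constructor instead of Import; the class name FileClientCertDemo, the CLIENT_CERT_PASSWORD environment variable and the command-line arguments are hypothetical.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

static class FileClientCertDemo
{
    // Loads a certificate with its private key from a password-protected file
    // and rejects it early if it cannot be used for client authentication.
    static X509Certificate2 LoadClientCertificate(string path, string password)
    {
        // Same flag as in the post: the imported private key is persisted
        // in a key container rather than discarded with the object.
        X509Certificate2 cert =
            new X509Certificate2(path, password, X509KeyStorageFlags.PersistKeySet);

        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                "File holds no private key; it cannot be used as a client certificate.");

        // NotBefore and NotAfter are reported in local time.
        DateTime now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter)
            throw new InvalidOperationException(
                "Certificate is outside its validity period: " + cert.Subject);

        return cert;
    }

    static void Main(string[] args)
    {
        // Hypothetical inputs: args[0] = certificate file, args[1] = HTTPS URL.
        // The password is read from the environment (assumed variable name)
        // so that it appears neither in source code nor on the command line.
        string password = Environment.GetEnvironmentVariable("CLIENT_CERT_PASSWORD");
        X509Certificate2 cert = LoadClientCertificate(args[0], password);

        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(args[1]);
        request.ClientCertificates.Add(cert);

        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        {
            Console.WriteLine("{0} {1}", (int)response.StatusCode, response.StatusDescription);
        }
    }
}
```

A generated web service proxy exposes the same ClientCertificates collection, so the loaded certificate is added there in the same way. Because the file contains the private key, restrict read access on the share to the account that runs the application.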

This posting is provided "AS IS" with no warranties, and confers no rights

Comments

  • Anonymous
    October 05, 2007
    I have .crt, .csr and .key files with identical names. The certificate is self-signed and now I am wondering how to use these files respectively. If I set EnableSsl to false everything works OK; otherwise an exception is thrown, which is caused by the fact that I have not implemented the certificate in the code. Can you describe the whole process, including where these files should be placed during development and where when you create a setup project, and how to get their values in order to run the FTP over a secure channel? THANKS