by Andrew Elmhorst [mentals dot ns at elmhorst dot com] posted on 2005/07/13

I have been unable to get certificates created by the Microsoft makecert utility to work as server certificates in an SSL Socket Server based on the Mentalis Security Library. I traced the problem down to the ServerHandshakeLayer.GetDistinguishedNames() method. The present code returns a list of all certificates from the ROOT store, first checking that GetIntendedKeyUsage() returns the SecurityConstants.CERT_KEY_CERT_SIGN_KEY_USAGE flag.
MakeCert does not create certificates with an IntendedKeyUsage attribute. In fact, from what I can tell, IntendedKeyUsage is not required for certificates. I wonder if anyone knows more about this? I changed my copy of the code to check both IntendedKeyUsage and EnhancedKeyUsage (checking for the SSL Server Authentication OID), and now it works with certificates created by MakeCert.
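
The difference between the two checks described in the post, as an added example that is not part of the original post or of the Mentalis Security Library. It assumes the built-in .NET `System.Security.Cryptography.X509Certificates` classes instead of the Mentalis API; the class and method names are hypothetical and both certificates are constructed test data.

```csharp
// Added example: built-in .NET X.509 classes, not the Mentalis API.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class KeyUsageDemo // hypothetical name
{
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth

    // Key-usage-only check: true only if a KeyUsage extension exists and has keyCertSign.
    static bool HasCertSignUsage(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
            if (ext is X509KeyUsageExtension ku)
                return (ku.KeyUsages & X509KeyUsageFlags.KeyCertSign) != 0;
        return false; // extension absent, so this check rejects the certificate
    }

    // Enhanced key usage check for the server authentication OID.
    static bool HasServerAuthEku(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
            if (ext is X509EnhancedKeyUsageExtension eku)
                foreach (Oid oid in eku.EnhancedKeyUsages)
                    if (oid.Value == ServerAuthOid) return true;
        return false;
    }

    // Combined check: accept a certificate that passes either test.
    static bool AcceptEither(X509Certificate2 cert) =>
        HasCertSignUsage(cert) || HasServerAuthEku(cert);

    // Constructed self-signed test certificate carrying only the given extension.
    static X509Certificate2 MakeTestCert(string subject, X509Extension extension)
    {
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest(subject, key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(extension);
            return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5),
                                        DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    static void Main()
    {
        // Mirrors the case in the post: no KeyUsage extension, server-auth EKU present.
        var ekuOnly = MakeTestCert("CN=eku-only", new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid(ServerAuthOid) }, false));
        var signer = MakeTestCert("CN=cert-signer",
            new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign, true));
        foreach (var cert in new[] { ekuOnly, signer })
            Console.WriteLine($"{cert.Subject}: keyUsageOnly={HasCertSignUsage(cert)} either={AcceptEither(cert)}");
    }
}
```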