Hello,

im fighting for 2 days now with openSSL. But i cant create SSL certificates that work correct. Could somebody explain me which kind of certifiates are the best for the security lib and how to create them.

Alex

OpenSSL as well as the Windows CryptoAPI all use the same type of certificates, namely X509.3. The question should be: how are these certificates stored on disk? There are several file types that can store X509 certificates. OpenSSL uses PEM files and can optionally convert them to PFX files. The CryptoAPI supports PFX and DER files.

The easiest thing to do is to use OpenSSL to generate a certificate [which is stored as a PEM file] and then convert it to a PFX file. Once you have the PFX file, you can import it in our library using the CertificateStore.CreateFromPfxFile method.

You can convert PEM files to PFX files with the following command:
openssl pkcs12 -export -in certificate.pem -inkey key.pem -out
certificate.pfx -name "My Certificate"

Here's some more information about the OpenSSL pkcs12 utility: http://www.mkssoftware.com/docs/man1/openssl_pkcs12.1.asp

Thanx a lot, i will try this

Alex

Hi,

with your hep i got the certificate stuff working now. Why do i need the password when i load from the pfxFile? Is there another way to use a certificates without password.

Alex

The private keys of certificates are usually protected by a password. You can set the password to an empty string, of course, but if someone gets his hands on your PFX file, it'll compromise the private key.

You can install a certificate and its private key in a CertificateStore. A CertificateStore is basically a database of certificates. You do not need a password to open certificates from a certificate store.