If you want to know the details of each script, take a look at this great tutorial about makecert: http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/
In this tutorial the files will be stored under c:\temp\ssl.
The batch file will create the root CA that can be used to sign other certificates, such as SSL certificates for servers and clients.
Paste the code below into Notepad and save it as CARoot.cmd
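rem Create a self-signed (-r) root CA certificate with an exportable private key (-pe)
rem and add it to the LocalMachine\Root store. The private key is written to CARoot.pvk.
makecert.exe ^
    -n "CN=CARoot" ^
    -r ^
    -pe ^
    -a sha512 ^
    -len 4096 ^
    -cy authority ^
    -sv CARoot.pvk ^
    -sr LocalMachine ^
    -ss Root ^
    CARoot.cer
rem Bundle the private key and the certificate into a password-protected PFX.
pvk2pfx.exe ^
    -pvk CARoot.pvk ^
    -spc CARoot.cer ^
    -pfx CARoot.pfx ^
    -po Test123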
Normally you would use a domain name for CN, but since there might be times when you only have an IP address, I will show that in this sample. Below we use 192.168.1.7 (my local machine on my home network).
Do note that this batch file will take a parameter which will be the name of the cert. All '%1' will be replaced by the parameter you pass in.
Paste the code below into notepad and save it as CreateServerCert.cmd
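rem Create a server certificate signed by the root CA (-iv / -ic).
rem -eku 1.3.6.1.5.5.7.3.1 is the OID for server authentication.
makecert.exe ^
    -n "CN=192.168.1.7" ^
    -iv CARoot.pvk ^
    -ic CARoot.cer ^
    -pe ^
    -a sha512 ^
    -len 4096 ^
    -b 01/01/2014 ^
    -e 01/01/2016 ^
    -sky exchange ^
    -eku 1.3.6.1.5.5.7.3.1 ^
    -sv %1.pvk ^
    %1.cer
rem Bundle the private key and the certificate into a password-protected PFX.
pvk2pfx.exe ^
    -pvk %1.pvk ^
    -spc %1.cer ^
    -pfx %1.pfx ^
    -po Test123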
Paste the code below into notepad and save it as CreateClientCert.cmd
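rem Create a client certificate signed by the root CA (-iv / -ic).
rem -eku 1.3.6.1.5.5.7.3.2 is the OID for client authentication.
makecert.exe ^
    -n "CN=ClientCert" ^
    -iv CARoot.pvk ^
    -ic CARoot.cer ^
    -pe ^
    -a sha512 ^
    -len 4096 ^
    -b 01/01/2014 ^
    -e 01/01/2016 ^
    -sky exchange ^
    -eku 1.3.6.1.5.5.7.3.2 ^
    -sv %1.pvk ^
    %1.cer
rem Bundle the private key and the certificate into a password-protected PFX.
pvk2pfx.exe ^
    -pvk %1.pvk ^
    -spc %1.cer ^
    -pfx %1.pfx ^
    -po Test123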
First of all, open up the Developer Command Prompt for Visual Studio, then navigate to the folder where the files we just created are located. In my case that is c:\temp\ssl.
Just call CARoot.cmd from the Developer Command Prompt.
Enter the password when prompted...
Call the CreateServerCert.cmd and append a parameter that will be the name of the cert.
For example: CreateServerCert.cmd MyServerCert
Once again you will be prompted for some passwords. For details about this, take a look at http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/
Call the CreateClientCert.cmd and append a parameter that will be the name of the cert.
For example: CreateClientCert.cmd MyClientCert
Once again you will be prompted for some passwords. For details about this, take a look at http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/
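Before wiring the generated files into the server and client, it is worth checking that each certificate really chains to CARoot, is inside its validity period (-b / -e) and carries the intended EKU. The console program below is an added example, not part of the original tutorial or of XSockets; the class name CertCheck and the file names MyServerCert.cer and MyClientCert.cer (taken from the sample calls above) are assumptions.

```csharp
// Added example, not from the original tutorial. File names are assumptions taken
// from the sample calls: CARoot.cer, MyServerCert.cer, MyClientCert.cer.
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertCheck
{
    const string ServerAuth = "1.3.6.1.5.5.7.3.1"; // -eku in CreateServerCert.cmd
    const string ClientAuth = "1.3.6.1.5.5.7.3.2"; // -eku in CreateClientCert.cmd
    // True only if 'leaf' chains to exactly 'root', is time-valid and carries 'eku'.
    static bool Check(X509Certificate2 leaf, X509Certificate2 root, string eku)
    {
        var chain = new X509Chain();
        chain.ChainPolicy.ExtraStore.Add(root); // works even if the root is not installed
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // no CRL is published
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        if (!chain.Build(leaf))
        {
            foreach (var s in chain.ChainStatus) // e.g. NotTimeValid once the -e date has passed
                Console.WriteLine("  chain error: " + s.Status);
            return false;
        }
        // The flag above accepts any root, so pin the top of the chain to our own CA.
        var top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        if (top.Thumbprint != root.Thumbprint)
        {
            Console.WriteLine("  not issued by " + root.Subject);
            return false;
        }
        var ext = leaf.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        bool ok = ext != null && ext.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == eku);
        if (!ok) Console.WriteLine("  missing EKU " + eku);
        return ok;
    }
    static int Main(string[] args)
    {
        string dir = args.Length > 0 ? args[0] : @"c:\temp\ssl";
        var root = new X509Certificate2(Path.Combine(dir, "CARoot.cer"));
        bool server = Check(new X509Certificate2(Path.Combine(dir, "MyServerCert.cer")), root, ServerAuth);
        Console.WriteLine("MyServerCert.cer: " + (server ? "OK" : "FAILED"));
        bool client = Check(new X509Certificate2(Path.Combine(dir, "MyClientCert.cer")), root, ClientAuth);
        Console.WriteLine("MyClientCert.cer: " + (client ? "OK" : "FAILED"));
        return server && client ? 0 : 1;
    }
}
```

The program exits with 0 only when both certificates pass, so it can be run as a step after the batch files.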
This sample only shows how to connect the C# client to the server with the cert.
We load the certificate from the file, since we did not install it in the LocalMachine store.
    using System.Security.Cryptography.X509Certificates;
    using XSockets.Core.Configuration;

    namespace MySecurity
    {
        // Server configuration: listen on a wss:// endpoint with the server certificate.
        public class MySecureConfig : ConfigurationSetting
        {
            public MySecureConfig() : base("wss://192.168.1.7:4503")
            {
                // The file name must match the name passed to CreateServerCert.cmd;
                // the password is the one given to pvk2pfx with -po.
                this.Certificate = new X509Certificate2("c:\\temp\\SSL\\ServerCert.pfx", "Test123");
            }
        }
    }
Just in case you do not know how to start the server in a console application:
    using System;
    using XSockets.Core.Common.Socket;

    namespace MySecurity
    {
        class Program
        {
            static void Main(string[] args)
            {
                // Resolve the server container and keep it running until Enter is pressed.
                using (var container = XSockets.Plugin.Framework.Composable.GetExport<IXSocketServerContainer>())
                {
                    container.Start();
                    Console.ReadLine();
                }
            }
        }
    }
Just connecting and printing out some messages.
    using System;
    using System.Security.Cryptography.X509Certificates;
    using XSockets.Client40;

    namespace MyClient
    {
        class Program
        {
            static void Main(string[] args)
            {
                var c = new XSocketClient("wss://192.168.1.7:4503", "http://localhost", "generic");
                // The file name must match the name passed to CreateClientCert.cmd;
                // the password is the one given to pvk2pfx with -po.
                c.AddClientCertificate(new X509Certificate2("c:\\temp\\SSL\\ClientCert.pfx", "Test123"));
                c.OnConnected += (sender, eventArgs) => Console.WriteLine("Connected");
                c.Controller("generic").OnOpen += (sender, connectArgs) => Console.WriteLine("Generic Open");
                c.Open();
                Console.ReadLine();
            }
        }
    }