SSL problem

Jul 1, 2010 at 11:41 PM

Hi

I'm having trouble getting SSL to work.

Here's my code:

using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using HttpServer;
using HttpServer.Headers;
using HttpListener = HttpServer.HttpListener;

namespace TestSSL
{
  class Program
  {
    public static void Main(string[] args)
    {
      var cert = new X509Certificate2("D:\\ssl\\mycert.p12", "password");
      HttpListener listener = HttpServer.HttpListener.Create(IPAddress.Any, 8081, cert);
      listener.RequestReceived += OnRequest;
      
      listener.Start(5);
      
      Console.ReadLine();
      
      listener.Stop();
    }
    
    private static void OnRequest(object sender, RequestEventArgs e)
    {
      e.Response.Connection.Type = ConnectionType.Close;
      String str = e.Request.Uri.AbsolutePath;
      byte[] buffer = Encoding.UTF8.GetBytes(str);
      e.Response.Body.Write(buffer, 0, buffer.Length);
    }
  }
}


The exception I get when I browse to https://127.0.0.1:8081/logon is

System.InvalidOperationException: Failed to authenticate. ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted
   at System.Net.Sockets.Socket.AcceptCallback
   at System.Net.Sockets.Socket.RegisteredWaitCallback
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback

My certificate was generated using OpenSSL and the guide here http://webserver.codeplex.com/wikipage?title=HTTPS&referringTitle=Home.

Any ideas?

Thanks very much.

Tony

Jul 2, 2010 at 7:08 AM

Forgot to say that I'm using the 45005 codebase.

 

Coordinator
Jul 2, 2010 at 8:26 AM

I've just generated a new certificate and tried the included sample project.

I found a bug, but it was that no default value had been specified for SecureListener.Protocol. I've committed a fix for that.

Your problem seems to be with windows security or something like that: 

http://social.technet.microsoft.com/Forums/en/FTMGNext/thread/12c4febb-18e7-4a77-a23e-a615b3913e67

You could try to generate a cetificate with this instruction instead: http://eal.us/2003/06/02/self-signed-iis-ssl-certificates-using-openssl/

Jul 3, 2010 at 8:26 AM

Thanks for that. I'm away for a week now. I'll post here when I've had a chance to try it.