[Mono-dev] Remothing through HTTPS

Robert Jordan robertj at gmx.net
Wed Sep 7 07:10:19 EDT 2005

Hi Yngve,

both Mono's and .NET's Http*Server*Channel don't support https.
You might try something like that:



> Hi all.
> I am doing an remoting application 
> and have a Win32 Client with MS .NET v1.1
> and a Linux (Fedora Core 3 x86) Server with Mono
> The different clients will call the remote objects methods 
> on the server. 
> Among other things the clients will upload a file to the server. 
> I (now) only uses "normal" calls to upload a file - 
> no "callbacks" any more.
> The server will be located at our place.
> The clients will be users of "services", running on our server.
> The remote objects is currently hosted by an Console application, 
> but is planned to be hosted by a Windows service (on Linux / Mono :-)).
> I have gotten this working with HTTP.
> I now will try to do this with HTTPS (on port 443), 
> to get a secure tunnel between the client and the server.
> We would like to use SSL with both encryption and authentication, 
> through x509 certificates.
> The certificates should (preferable) be self signed.
>>From my testings and readings I have found that: 
> 1) My Win32 client uses Tls.
> 2) The Win32 client certificates should be:
>    a) Set in the ClientCertificates property of the HttpWebRequest.
>    b) The client certificate must be installed in 
>       the LOCAL_MACHINE registry hive.
>    (Se: KB895971 at http://support.microsoft.com/?kbid=895971).
> 3) .NET prefer the DER format (called .cer) 
>    but may also use the .p12 format.
> 4) From the Microsoft .NET documentation, 
>    I have found support only for certificate authentication 
>    through ASP.NET/IIS-hosting - In MS .NET v1.1.
> 5) There is some support for SSL in Mono, 
>    and I have succeeded to install certificates in Mono through certmgr 
>    (but I may have done it wrong. No real test yet).
> What I wonder is weather this approach gonna work with .NET Remoting 
> and with different Win32 MS .NET clients calling a Linux Mono server?.
> Do I have to customize any part of the SSL handshake?.
> On the remote objects methods, I would like to have 
> access checks on the users .NET Roles.
> Is it possible to impersonate the principal and add .NET Roles 
> to that principal when the remote objects is hosted in 
> a Console application or a Windows service (in Linux / Mono)?.
> Further, I am not really sure about how to set up the certificates 
> on the Mono server for SSL.
> I assume the the certificates should be placed in the machine store.
> I have the certificates in DER (.cer) format.
> Should the CA certificate be placed in the CA store 
> or in the Trust store?. Any more to think about?.
> I assume that the server certificate should be placed 
> in the Trust store (of the machine store).
> I hope this is right.
> // Regards 
> Yngve Zackrisson.

More information about the Mono-devel-list mailing list