[Mono-dev] About System.Net.Security.SslStream

Sebastien Pouliot sebastien.pouliot at gmail.com
Tue Nov 11 08:08:26 EST 2008


On Tue, 2008-11-11 at 15:12 +0800, 陈醒 wrote:
> Hello! I'm using Mono 1.9.2 and trying to write a small program using
> SslStream. The program runs as a server-side program.
> 
> I found if I write the program as
>  serverCertificate = X509Certificate.CreateFromCertFile(certificate);
>  SslStream sslStream = new SslStream(
>                 client.GetStream()
>                 );
>  sslStream.AuthenticateAsServer(serverCertificate,
>                     false, SslProtocols.Tls, true);
> 
> I will get a "Server certificate Private Key unavailable" error.

This depends on which type of certificate file you're providing the
X509Certificate ctor and the framework version you're using (I assume
2.9 since you're using SslStream).

A typical .cer does not have a private key inside it so it won't work.
Using a PKCS#12 file, containing a certificate and a private key, will
work.

        The main difference is not the framework but the fact that
        Windows CryptoAPI defines relations between certificates and
        keys (when persisted) and allows code to "find" a private key
        when you supply a certificate (even if it's not loaded from a
        certificate store). No such facility exists under Linux.

> But if I use SslServerStream provided by Mono.Security and prepare a
> pvk file and do as the monodoc says, it works. But certainly the
> program won't run in .net framework.

Certainly in what sense? You tried it? Google a bit and you'll see
that many people use Mono.Security.dll under Windows - the assembly is
fully managed and will run everywhere.

> Is it because the development of SslStream is not finished, or is it a
> bug in SslStream? Is there any way to write a program that works with
> better compatibility? Thanks.

With the information you provided it looks like a configuration issue to
me, not a bug. Try the above (and google the subject) and you should be
ok soon. If not then please file a bug report with a full sample of what
you're doing.

Sebastien
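
The PKCS#12 approach described in the reply above, as an added example that is not part of the original thread: it loads the certificate and key from one file and checks `HasPrivateKey` before the handshake, so a key-less file fails with a clear message at startup. The file name `server.pfx`, the `PFX_PASSWORD` environment variable, port 8443 and the choice of `SslProtocols.Tls12` are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class SslServerExample
{
    // Load a PKCS#12 (.pfx/.p12) bundle and refuse to continue without a private key.
    // A DER/PEM .cer file holds only the public certificate, so on platforms with no
    // certificate-to-key lookup the server handshake cannot sign anything with it.
    static X509Certificate2 LoadServerCertificate(string path, string password)
    {
        var cert = new X509Certificate2(path, password);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                path + " contains no private key; export a PKCS#12 file that includes it.");
        return cert;
    }

    static void Main(string[] args)
    {
        // Hypothetical inputs: path from argv, password from the environment
        // so it does not appear in the process command line.
        string path = args.Length > 0 ? args[0] : "server.pfx";
        string password = Environment.GetEnvironmentVariable("PFX_PASSWORD") ?? "";

        X509Certificate2 serverCertificate = LoadServerCertificate(path, password);

        var listener = new TcpListener(IPAddress.Loopback, 8443);
        listener.Start();
        try
        {
            using (TcpClient client = listener.AcceptTcpClient())
            using (var sslStream = new SslStream(client.GetStream(), false))
            {
                // Same overload as in the question; the original post used SslProtocols.Tls.
                sslStream.AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls12, true);
                Console.WriteLine("Handshake complete: " + sslStream.SslProtocol);
            }
        }
        finally
        {
            listener.Stop();
        }
    }
}
```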
