[Mono-dev] Using SslStream
sebastien.pouliot at gmail.com
Thu May 19 11:12:44 EDT 2011
On Thu, 2011-05-19 at 07:12 -0700, jpros wrote:
> Sorry for revive this thread, but I'm having the same problem.
> I'm using CentOS with mono 2.10.2 as server and Windows XP as client.
> My Code
> > Socket socket = tcp.AcceptSocket();
> > X509Certificate certificado =
> > X509Certificate.CreateFromCertFile("dg1.cer");
> > ns = new SslStream(new NetworkStream(socket));
> > ns.AuthenticateAsServer(certificado);
> When the service is going Authenticate it throws the same exception of
> Richter's code.
> > System.IO.IOException: The authentication or
> > decryption has failed. --->
> > > Mono.Security.Protocol.Tls.TlsException: Server
> > certificate Private Key
> I created a certificate by Apple KeyChain but didn't work, after read a lot,
> I created a certificate by Mono makecert and I added the certificate to mono
> certmgr trust store, but didn't work too.
> I don't know what can I do to solve my problem.
You are confusing issues.
The common trust issue is (mostly) a client issue, i.e. the client must
trust the certificate that a server is using in order for SSL to be
useful. Now your client is on Windows XP (not sure it's running Mono or
Your code is server code (which is executed on centos, right?) and the
exception you're seeing is about the (missing) private key (not a trust
This happens because the .cer file (that you're feeding to your server)
is *only* a certificate. A X.509 certificate includes the public key
(good enough for the client in this case) but does *NOT* include the
private key, which the server requires to establish a secure channel
with the client.
One way to solve this is using Mono's makecert and generate a pkcs#12
file (i.e. which includes both the certificate(s) and the private key)
and use this in your server code. A recent thread  includes more
 when asking for help please provide all details, e.g. .net runtime
used (e.g. on windows), mono versions
 googling "Mono AuthenticateAsServer" would have pointed this out
More information about the Mono-devel-list