[Mono-dev] Using SslStream

Sebastien Pouliot sebastien.pouliot at gmail.com
Thu May 19 11:12:44 EDT 2011


On Thu, 2011-05-19 at 07:12 -0700, jpros wrote:
> Sorry for reviving this thread, but I'm having the same problem.
> 
> I'm using CentOS with mono 2.10.2 as server and Windows XP as client.
> 
> My Code
> 
> > Socket socket = tcp.AcceptSocket();
> > X509Certificate certificado =
> > X509Certificate.CreateFromCertFile("dg1.cer");
> > ns = new SslStream(new NetworkStream(socket));
> > ns.AuthenticateAsServer(certificado);
> 
> When the service goes to authenticate, it throws the same exception as
> Richter's code.
> > System.IO.IOException: The authentication or 
> >                 decryption has failed. ---> 
> >                 > Mono.Security.Protocol.Tls.TlsException: Server 
> >                 certificate Private Key 
> 
> 
> I created a certificate with Apple KeyChain but it didn't work. After reading
> a lot, I created a certificate with Mono makecert and added the certificate to
> the mono certmgr trust store, but that didn't work either.
> 
> I don't know what I can do to solve my problem.

You are confusing issues.

The common trust issue is (mostly) a client issue, i.e. the client must
trust the certificate that a server is using in order for SSL to be
useful. Now your client is on Windows XP (not sure it's running Mono or
not [1]).

Your code is server code (which is executed on CentOS, right?) and the
exception you're seeing is about the (missing) private key (not a trust
issue) [2].

This happens because the .cer file (that you're feeding to your server)
is *only* a certificate. An X.509 certificate includes the public key
(good enough for the client in this case) but does *NOT* include the
private key, which the server requires to establish a secure channel
with the client.

One way to solve this is to use Mono's makecert to generate a PKCS#12
file (i.e. which includes both the certificate(s) and the private key)
and use this in your server code. A recent thread [3] includes more
details.

Sebastien

[1] when asking for help please provide all details, e.g. .net runtime
used (e.g. on windows), mono versions
[2] googling "Mono AuthenticateAsServer" would have pointed this out
[3] http://comments.gmane.org/gmane.comp.gnome.mono.general/42060
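
The fix described in the reply above, as an added example that is not part of the original message or of Mono's own code: the server loads a PKCS#12 file instead of a .cer and refuses to start the handshake if no private key came with the certificate. The file name `server.p12`, the `P12_PASSWORD` environment variable and port 4433 are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

class TlsServerExample
{
    // Load certificate *and* private key from a PKCS#12 file and fail
    // early, with a clear message, if the key is missing.
    static X509Certificate2 LoadServerCertificate(string path, string password)
    {
        var cert = new X509Certificate2(path, password);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                path + " has no private key; a server needs a PKCS#12 file, not a bare .cer");
        return cert;
    }

    static void Main()
    {
        // Assumed placeholders: file name, environment variable and port.
        string password = Environment.GetEnvironmentVariable("P12_PASSWORD");
        X509Certificate2 cert = LoadServerCertificate("server.p12", password);

        var listener = new TcpListener(IPAddress.Any, 4433);
        listener.Start();
        using (TcpClient client = listener.AcceptTcpClient())
        using (var ssl = new SslStream(client.GetStream(), false))
        {
            try
            {
                // Same call as in the quoted code, now given a certificate with its key.
                ssl.AuthenticateAsServer(cert);
                Console.WriteLine("Handshake complete, encrypted: " + ssl.IsEncrypted);
            }
            catch (AuthenticationException ex)
            {
                Console.Error.WriteLine("Handshake failed: " + ex.Message);
            }
            catch (IOException ex)
            {
                // Mono reports TLS failures as IOException wrapping a TlsException.
                Console.Error.WriteLine("Handshake failed: " + ex.Message);
            }
        }
    }
}
```

Keep the PKCS#12 file readable only by the service account, since it holds the server's private key.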


