[Mono-dev] SslStream X509 certificate

Edward Ned Harvey (mono) edward.harvey.mono at clevertrove.com
Wed Sep 2 20:57:26 UTC 2015


> From: mono-devel-list-bounces at lists.ximian.com [mailto:mono-devel-list-bounces at lists.ximian.com] On Behalf Of lorenzo.delana
> 
> I'm struggling to find a way to run an SSL server on Linux using mono.
> I have a certificate with a private key installed using certmgr, and I can
> see by listing that the certificate is in the store with Private Key: True

I assume you mean you have a real CA-signed certificate, with an intermediate, right? You're not doing self-signed or anything like that - your cert is not signed directly by any CA. The point is you have an intermediate that needs to be served by the server, right?

Mono's implementation of SSL/TLS and x509 has always been rather incomplete. In particular, there are a series of bugs or missing functionality that prevent a mono SslStream server from sending the intermediate to the client, which is a problem. The official fix is in progress, but still a long way off - Miguel wrote about it here: http://tirania.org/blog/archive/2015/Aug-27.html

For business purposes, I have had to hack it to work. Officially, you should probably pay for Eidos SSLBlackBox, but it's kind of expensive. Unofficially, you can get my hacked version at http://downloads.conceptblossom.com/mono/ and if you want to see my source changes ... Apparently I've deleted the github fork, so it'll be some effort, but I definitely have a local repo sitting around somewhere.
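
Added example, not part of the original message or of Mono: a shell check for the symptom described above, a TLS server that sends its leaf certificate without the intermediate. It classifies the "Certificate chain" section that `openssl s_client` prints; the sample outputs and every name in them are constructed for illustration.

```shell
#!/bin/sh
# Classify the "Certificate chain" section printed by `openssl s_client`,
# which lists the certificates the server sent during the handshake.
# Prints one of: leaf-only | self-signed | chain-sent | broken-link | no-chain
chain_report() {
    awk '
        /^Certificate chain/ { in_chain = 1; next }
        in_chain && /^---$/  { in_chain = 0 }   # section separator, not a PEM line
        in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
        in_chain && n > 0 && /^ +i:/ { sub(/^ +i:/, ""); iss[n - 1] = $0; next }
        END {
            if (n == 0) { print "no-chain"; exit }
            # Every certificate must be issued by the next one in the list.
            for (k = 0; k < n - 1; k++)
                if (iss[k] != subj[k + 1]) { print "broken-link"; exit }
            if (n > 1) print "chain-sent"
            else if (iss[0] == subj[0]) print "self-signed"
            else print "leaf-only"   # issuer was not sent; clients must already hold it
        }
    '
}

# Constructed sample output (hypothetical names): server sends only its leaf.
leaf_only_sample() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=www.example.test
   i:/CN=Example Intermediate CA
---
Server certificate
EOF
}

# Constructed sample output: server sends leaf plus intermediate.
full_chain_sample() {
    cat <<'EOF'
---
Certificate chain
 0 s:/CN=www.example.test
   i:/CN=Example Intermediate CA
 1 s:/CN=Example Intermediate CA
   i:/CN=Example Root CA
---
EOF
}

# Live use (HOST:PORT is a placeholder):
#   openssl s_client -connect HOST:PORT </dev/null 2>/dev/null | chain_report
printf 'leaf-only sample:  %s\n' "$(leaf_only_sample | chain_report)"
printf 'full-chain sample: %s\n' "$(full_chain_sample | chain_report)"
```

A `chain-sent` result only means the listed certificates link to each other; it does not validate signatures, expiry, or trust in the top issuer.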

