[Mono-list] urgent: WS with client side certificate

Sebastien Pouliot sebastien.pouliot at gmail.com
Tue Apr 18 08:51:28 EDT 2006

Hello Pere,

On Tue, 2006-04-18 at 10:17 +0200, Pere Rodríguez wrote:
> Hello,
> I need to connect to a WS that requires a certificate on the client side and I don't
> know how to do it.
> Does Mono support a certificate on the client side in a WS connection?

The short answer is no.

> I registered the server certificate and my certificate (client) with
> certmgr, and I added
> proxy.ClientCertificates.Add (X509Certificate.CreateFromCertFile ("..."));
> to my source, but it doesn't run. The server doesn't accept the connection.
> I don't know how to inform it about my private key or how to register my
> PKCS#12 in Mono.

You're on the right track and found the main problem, i.e. before fx 2.0
there's no API to match a certificate and a keypair. MS depends on
CryptoAPI to do this "magic" behind the scenes.

Fx 2.0 supports certificates "with" a private key (e.g. it keeps both of
them inside the same instance when an X.509 certificate is loaded from a
PKCS#12 file, or a certificate store).

> Any ideas, please ...

The SSL/TLS code inside Mono.Security does support client-certificates.

It's not easy or clean but it's possible to use reflection to add a
delegate to Mono.Security.SslClientStream.PrivateKeySelectionCallback.

This would allow you to supply (manually) the private key (associated
with the certificate) when it is required by the stream to authenticate
the client connection to the server.

Other alternatives are:

* wrap the HTTP code around an HTTPS connection made with
Mono.Security.dll (e.g. your own proxy);

* contribute to the Mono .NET 2.0 profile (wait for it to be completed);

Sebastien Pouliot  <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/
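
Added example, not part of the original message and not Mono's or the poster's code: it shows the difference the reply describes between a certificate loaded without its key (as `CreateFromCertFile` does) and one loaded from PKCS#12 with the fx 2.0 `X509Certificate2` class. It assumes a modern .NET runtime (`CertificateRequest` is used only to build a constructed sample identity); `AttachClientCertificate` and all sample values are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertDemo
{
    // Hypothetical helper: refuse a certificate that cannot sign the TLS handshake.
    static void AttachClientCertificate(X509CertificateCollection target, X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                "No private key for " + cert.Subject + "; load the PKCS#12, not the .cer");
        target.Add(cert);
    }

    static void Main()
    {
        const string password = "constructed-password";   // constructed sample value

        // Constructed sample identity: self-signed, in memory only.
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest("CN=constructed-client", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 identity = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        byte[] cerBytes = identity.Export(X509ContentType.Cert);             // certificate only
        byte[] p12Bytes = identity.Export(X509ContentType.Pkcs12, password); // certificate + key

        var publicOnly = new X509Certificate2(cerBytes);
        var withKey = new X509Certificate2(p12Bytes, password);
        Console.WriteLine("cert-only HasPrivateKey: " + publicOnly.HasPrivateKey);
        Console.WriteLine("PKCS#12   HasPrivateKey: " + withKey.HasPrivateKey);

        // Stand-in for proxy.ClientCertificates, which is an X509CertificateCollection.
        var clientCertificates = new X509CertificateCollection();
        AttachClientCertificate(clientCertificates, withKey);
        try
        {
            AttachClientCertificate(clientCertificates, publicOnly);
        }
        catch (InvalidOperationException e)
        {
            Console.WriteLine("rejected: " + e.Message);
        }
        Console.WriteLine("attached: " + clientCertificates.Count);
    }
}
```

Checking `HasPrivateKey` before attaching turns a silent handshake rejection by the server into an explicit local error.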
