[Mono-list] Private key failure SslStream based authentication on Mono/UbuntuLinux

Chirag Patel patel.chirag.d at gmail.com
Thu May 26 16:17:54 EDT 2011

Hi All,

I am working on migrating my .NET-based Windows service to Mono and Linux.

I am using SslStream and its BeginAuthenticateServer method.

Exception: The authentication or decryption has failed.
Inner Exception: Server certificate Private Key unavailable.
  at Mono.Security.Protocol.Tls.Handshake.Server.TlsClientKeyExchange.ProcessAsSsl3 () [0x00000] in <filename unknown>:0
  at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000] in <filename unknown>:0
  at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
  at Mono.Security.Protocol.Tls.ServerRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename
  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0


I see that Sebastien has pointed out using the alternate
Mono.Security.Protocol.Tls.SslServerStream class
and its delegate to fetch the private key (because of the difference
between Linux and Windows handling of certs).

What is next? Just use the server certificate from SslServerStream
property, and dispose the stream?
And continue using original Microsoft SslStream?
I just have to use Mono's SslServerStream and manually write/read
"any/irrelevant" data to proceed with authentication?

I am using a PFX file. I did include the private key. So, do I even need
to use the delegate to load the private key separately?
(How can I debug whether the loaded X509Certificate instance has the
private key loaded?)

I have also tried this with a real Verisign-issued certificate. But
since that entire thing, including the export, was done on Windows, I tried
my code with a self-signed (Linux - openssl) cert.
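
One way to run the check asked about in the message above, as an added example that is not part of the original post and is not Mono's own code: it loads the same PFX once as X509Certificate and once as X509Certificate2 and reports whether a private key is reachable from each instance. The class name, the PFX path argument and the PFX_PASSWORD environment variable are assumptions made for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxKeyCheck
{
    // Returns null when a private key is reachable, otherwise what is missing.
    static string Diagnose(X509Certificate cert)
    {
        // The base X509Certificate type has no private-key API;
        // only X509Certificate2 exposes HasPrivateKey and PrivateKey.
        X509Certificate2 cert2 = cert as X509Certificate2;
        if (cert2 == null)
            return "plain X509Certificate instance (public data only)";
        if (!cert2.HasPrivateKey)
            return "X509Certificate2 loaded, but no private key came with it";
        try
        {
            // Touch the key so an unreadable key is caught here rather
            // than in the middle of the TLS handshake.
            if (cert2.PrivateKey == null)
                return "HasPrivateKey is true but PrivateKey returned null";
        }
        catch (CryptographicException e)
        {
            return "private key could not be read: " + e.Message;
        }
        return null;
    }

    static void Report(string label, X509Certificate cert)
    {
        string result = Diagnose(cert) ?? "private key available";
        Console.WriteLine("{0,-17}{1}: {2}", label, cert.Subject, result);
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: PfxKeyCheck.exe <server.pfx>");
            return 2;
        }
        // Assumption: the PFX password is supplied in PFX_PASSWORD.
        string password = Environment.GetEnvironmentVariable("PFX_PASSWORD") ?? "";
        Report("X509Certificate", new X509Certificate(args[0], password));
        Report("X509Certificate2", new X509Certificate2(args[0], password));
        return 0;
    }
}
```

If the X509Certificate2 line also reports a missing key, the PFX export itself does not contain the key.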

