Home/ Questions/Q 6208009
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T05:44:04+00:00

I am working on C# project where tcp transmition between server and client is

  • 0

I am working on C# project where tcp transmition between server and client is made using SSL. I created certificate file with makecert program, but it works only on computer where it was generated (although I have installed .cer file). I am almost sure, that the problem lies in parameters which I put into command, but I checked many combinations and none (despit following) worked

makecert -r -pe -n "CN=This is my certificate" -ss my -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ca.cer

.cer file is used only for ciphering transmition. I don’t use PKI. Furthermore using SSL is “dead requirement” – it must be used, just for be used. Any security issues shouldn’t be considered.

If anyone should answer me, how to create certificate, that will be able to be used by X509Certificate.CreateFromCertFile method I would be delighted.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you control all of the machines that will use these certificates, you can create a CA that’s trusted by all of the machines, and then issue certificates based on that.

    Here are my batch files. The first one creates the CA certificate:

    :// Create a self-signed certificate (-r),
:// with an exportable private key (-pe),
:// using SHA1 (-r), for signing (-sky signature).
:// The private key is written to a file (-sv).
makecert -r -pe -n "CN=My Root Authority" -ss CA ^
    -sr CurrentUser -a sha1 -sky signature -cy authority ^
    -sv CA.pvk CA.cer

    Import the .CER file into the CA certificate store on those machines that must connect to the server (they must trust the CA):

    :// Import that certificate into the
:// "Trusted Root Certification Authorities" store.
certutil -user -addstore Root CA.cer

    This one creates a server certificate:

    :// Create a server certificate, with an exportable private key (-pe),
:// using SHA1 (-r) for key exchange (-sky exchange).
:// It can be used as an SSL server certificate (-eku 1.3.6.1.5.5.7.3.1).
:// The issuing certificate is in a file (-ic), as is the key (-iv).
:// Use a particular crypto provider (-sp, -sy).
makecert -pe -n "CN=server.example.com" -a sha1 ^
    -sky exchange -eku 1.3.6.1.5.5.7.3.1
    -ic CA.cer -iv CA.pvk ^
    -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ^
    -sv server.pvk server.cer
pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx

    Install the .pfx file, and then get the C# server code to use it. This is left as an exercise for the reader.

    • 0