.Net integration using .pem certificate

aalok
aalok Unconfirmed, Member Posts: 1

Hello,
I'm looking for some help on how to import .pem certificate and use it .Net code.
Any help or sample implementation for reference will be appreciated.

Tagged:

Comments

  • arih
    arih Member, Employee Posts: 125 Solace Employee
    edited July 2020 #2

    Hello,
    I'd start from this sample: https://solace.com/samples/solace-samples-dotnet/ and then change the Session Properties to something like this:

                // Create session properties
                SessionProperties sessionProps = new SessionProperties()
                {
                    Host = host,
                    VPNName = VPNName,
                    // UserName = UserName,
                    // Password = Password,
                    AuthenticationScheme = AuthenticationSchemes.CLIENT_CERTIFICATE,
                    SSLTrustStoreDir = "certs",
                    SSLClientCertificateFile = "certs/client.pem",
                    SSLClientPrivateKeyFile = "certs/client.key",
                    SSLClientPrivateKeyFilePassword = "password",
                    CompressionLevel = 0, // 0..9 for more compression, but only usable against appliance
                    ReconnectRetries = DefaultReconnectRetries
                };
    

    Of course, there are other ways, like using SSLClientCertificate and/or SSLTrustStore directly. API reference can be found here: https://docs.solace.com/API-Developer-Online-Ref-Documentation/net/html/82816aab-350c-a890-cc35-ac125b35421c.htm

    This doc also might help on the certs part, this one is for REST but quite useful since only the REST part is different then using Solace API. https://docs.solace.com/Configuring-and-Managing/Two-Way-SSL-Authentication.htm

    And you'd need to have a trust store containing your server CA cert in the trust store dir. In my case, I use this command although I wasn't very sure about using .jks or .p12 :)
    keytool -keystore client-truststore.p12 -alias clientts -import -file server.pem

    hope this helps,
    Ari

  • arih
    arih Member, Employee Posts: 125 Solace Employee
  • Aaron
    Aaron Member, Administrator, Moderator, Employee Posts: 497 admin

    Hi @aalok . I actually responded to this during my weekly Office Hours live stream last week, I should have posted my answer sooner. Check it out here: https://www.youtube.com/watch?v=6fW_u_s6RDI&t=1187s

    One other thing to add to Ari's answer is: head to https://solace.com/downloads/ and download the .NET distribution, and inside the ex folder is a specific secureSession.cs sample that you might be interested in.

  • Frankee787
    Frankee787 Member Posts: 10
    edited May 2022 #5

    Hello,

    I too stumbled on this issue and got it resolved with a suggestion provided by @alamkhan786 . Hoping this well help someone in the future

    1st option and disable complete chain verification

     // Create session properties
          SessionProperties sessionProps = new SessionProperties()
          {
            Host = host,
            VPNName = VPNName,
            UserName = UserName,
            Password = Password,
            ReconnectRetries = DefaultReconnectRetries,
        SSLValidateCertificate = false
          };
    

    2nd Option - Load the store which has the Trusted CA public certificate

       X509CertificateCollection certificatesCollection = new X509CertificateCollection();
          foreach (StoreLocation storeLocation in (StoreLocation[])Enum.GetValues(typeof(StoreLocation)))
          {
            foreach (StoreName storeName in (StoreName[]) Enum.GetValues(typeof(StoreName)))
            {
              X509Store store = new X509Store(storeName, storeLocation);
              try
              {
                store.Open(OpenFlags.OpenExistingOnly);
                foreach (X509Certificate certificate in store.Certificates)
                {
                  certificatesCollection.Add(certificate);
                }
               
              }
              catch (CryptographicException)
              {
                Console.WriteLine("No      {0}, {1}",  store.Name, store.Location);
              }
            }
            Console.WriteLine();
          }
    


    Use it during the setup of SessionProperties

       SessionProperties sessionProps = new SessionProperties()
          {
            Host = host,
            VPNName = VPNName,
            UserName = UserName,
            Password = Password,
            ReconnectRetries = DefaultReconnectRetries,
        SSLTrustStore= certificatesCollection 
          };
    


    Hope it will help the community.

    Best Regards,

    Franklin

  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 489 admin
    edited May 2022 #6

    Thanks @Frankee787 for sharing! This is indeed very helpful :)

  • alamkhan786
    alamkhan786 Member, Employee Posts: 11 Solace Employee

    Thanks @Frankee787 for sharing