.Net integration using .pem certificate
Comments
-
Hello,
I'd start from this sample: https://solace.com/samples/solace-samples-dotnet/ and then change the Session Properties to something like this:

    // Create session properties
    SessionProperties sessionProps = new SessionProperties()
    {
        Host = host,
        VPNName = VPNName,
        // UserName = UserName,
        // Password = Password,
        AuthenticationScheme = AuthenticationSchemes.CLIENT_CERTIFICATE,
        SSLTrustStoreDir = "certs",
        SSLClientCertificateFile = "certs/client.pem",
        SSLClientPrivateKeyFile = "certs/client.key",
        SSLClientPrivateKeyFilePassword = "password",
        CompressionLevel = 0, // 0..9 for more compression, but only usable against appliance
        ReconnectRetries = DefaultReconnectRetries
    };

Of course, there are other ways, like using SSLClientCertificate and/or SSLTrustStore directly. API reference can be found here: https://docs.solace.com/API-Developer-Online-Ref-Documentation/net/html/82816aab-350c-a890-cc35-ac125b35421c.htm
This doc also might help on the certs part. This one is for REST but quite useful, since only the REST part is different than using the Solace API. https://docs.solace.com/Configuring-and-Managing/Two-Way-SSL-Authentication.htm
And you'd need to have a trust store containing your server CA cert in the trust store dir. In my case, I use this command, although I wasn't very sure about using .jks or .p12:

    keytool -keystore client-truststore.p12 -alias clientts -import -file server.pem

Hope this helps,
Ari
0 -
oops forgot the doc link: https://docs.solace.com/Configuring-and-Managing/Two-Way-SSL-Authentication.htm
0 -
Hi @aalok . I actually responded to this during my weekly Office Hours live stream last week, I should have posted my answer sooner. Check it out here: https://www.youtube.com/watch?v=6fW_u_s6RDI&t=1187s
One other thing to add to Ari's answer is: head to https://solace.com/downloads/ and download the .NET distribution, and inside the ex folder is a specific secureSession.cs sample that you might be interested in.
1 -
Hello,
I too stumbled on this issue and got it resolved with a suggestion provided by @alamkhan786 . Hoping this will help someone in the future.
1st option and disable complete chain verification

    // Create session properties
    SessionProperties sessionProps = new SessionProperties()
    {
        Host = host,
        VPNName = VPNName,
        UserName = UserName,
        Password = Password,
        ReconnectRetries = DefaultReconnectRetries,
        SSLValidateCertificate = false
    };

2nd Option - Load the store which has the Trusted CA public certificate

    using System;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;

    // Walk every store location and every store name, collecting all certificates found
    X509CertificateCollection certificatesCollection = new X509CertificateCollection();
    foreach (StoreLocation storeLocation in (StoreLocation[])Enum.GetValues(typeof(StoreLocation)))
    {
        foreach (StoreName storeName in (StoreName[])Enum.GetValues(typeof(StoreName)))
        {
            X509Store store = new X509Store(storeName, storeLocation);
            try
            {
                // OpenExistingOnly throws if the store does not exist
                store.Open(OpenFlags.OpenExistingOnly);
                foreach (X509Certificate certificate in store.Certificates)
                {
                    certificatesCollection.Add(certificate);
                }
            }
            catch (CryptographicException)
            {
                Console.WriteLine("No {0}, {1}", store.Name, store.Location);
            }
        }
        Console.WriteLine();
    }

Use it during the setup of SessionProperties

    SessionProperties sessionProps = new SessionProperties()
    {
        Host = host,
        VPNName = VPNName,
        UserName = UserName,
        Password = Password,
        ReconnectRetries = DefaultReconnectRetries,
        SSLTrustStore = certificatesCollection
    };

Hope it will help the community.
Best Regards,
Franklin
1 -
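
A narrower take on the second option, as an added example that is not part of the post above or of Solace's samples: the loop in the post walks every StoreName, which includes My, TrustedPeople and Disallowed, while this version reads only the Root store and keeps certificates that are inside their validity period and marked as CAs. The TrustStoreBuilder class and its Build method are hypothetical names; the usage in the closing comment reuses the SessionProperties members shown in the post.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TrustStoreBuilder   // hypothetical helper, not a Solace API
{
    // True when the certificate has a Basic Constraints extension with CA = true.
    // Legacy v1 roots without that extension are excluded, which is the conservative choice.
    static bool IsCa(X509Certificate2 cert) =>
        cert.Extensions.OfType<X509BasicConstraintsExtension>()
            .Any(bc => bc.CertificateAuthority);

    // Collect trust anchors from the Root store only (machine and user scope).
    public static X509CertificateCollection Build(DateTime now)
    {
        var trusted = new X509CertificateCollection();
        foreach (var location in new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser })
        {
            using (var store = new X509Store(StoreName.Root, location))
            {
                try { store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); }
                catch (CryptographicException) { continue; }   // store absent on this host

                foreach (X509Certificate2 cert in store.Certificates)
                {
                    // NotBefore/NotAfter are local time, so compare against a local 'now'
                    bool inValidity = cert.NotBefore <= now && now <= cert.NotAfter;
                    if (inValidity && IsCa(cert))
                        trusted.Add(cert);
                }
            }
        }
        return trusted;
    }

    static void Main()
    {
        X509CertificateCollection trustStore = Build(DateTime.Now);
        Console.WriteLine("CA certificates loaded: {0}", trustStore.Count);
        // Usage with the post's session setup (assumption: same property names as above):
        //   SSLTrustStore = trustStore   and no SSLValidateCertificate = false
    }
}
```

If the broker's certificate is issued by a private CA, that CA has to be present in the Root store for the session to validate against this collection.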
Thanks @Frankee787 for sharing! This is indeed very helpful :)
0 -
Thanks @Frankee787 for sharing
0