Hello,
I’m looking for some help on how to import .pem certificate and use it .Net code.
Any help or sample implementation for reference will be appreciated.
Hello,
I’d start from this sample: C#/.NET Tutorials and then change the Session Properties to something like this:
// Create session properties
SessionProperties sessionProps = new SessionProperties()
{
Host = host,
VPNName = VPNName,
// UserName = UserName,
// Password = Password,
AuthenticationScheme = AuthenticationSchemes.CLIENT_CERTIFICATE,
SSLTrustStoreDir = "certs",
SSLClientCertificateFile = "certs/client.pem",
SSLClientPrivateKeyFile = "certs/client.key",
SSLClientPrivateKeyFilePassword = "password",
CompressionLevel = 0, // 0..9 for more compression, but only usable against appliance
ReconnectRetries = DefaultReconnectRetries
};
Of course, there are other ways, like using SSLClientCertificate and/or SSLTrustStore directly. API reference can be found here: SessionProperties Class
This doc also might help on the certs part, this one is for REST but quite useful since only the REST part is different then using Solace API. Two-way SSL Authentication for REST
And you’d need to have a trust store containing your server CA cert in the trust store dir. In my case, I use this command although I wasn’t very sure about using .jks or .p12 
keytool -keystore client-truststore.p12 -alias clientts -import -file server.pem
hope this helps,
Ari
oops forgot the doc link: Two-way SSL Authentication for REST
Hi @aalok . I actually responded to this during my weekly Office Hours live stream last week, I should have posted my answer sooner. Check it out here: https://www.youtube.com/watch?v=6fW_u_s6RDI&t=1187s
One other thing to add to Ari’s answer is: head to https://solace.com/downloads/ and download the .NET distribution, and inside the ex folder is a specific secureSession.cs sample that you might be interested in.
Hello,
I too stumbled on this issue and got it resolved with a suggestion provided by @alamkhan786 . Hoping this well help someone in the future
1st option and disable complete chain verification >
// Create session properties
SessionProperties sessionProps = new SessionProperties()
{
Host = host,
VPNName = VPNName,
UserName = UserName,
Password = Password,
ReconnectRetries = DefaultReconnectRetries,
SSLValidateCertificate = false
};
2nd Option - Load the store which has the Trusted CA public certificate >
X509CertificateCollection certificatesCollection = new X509CertificateCollection();
foreach (StoreLocation storeLocation in (StoreLocation)Enum.GetValues(typeof(StoreLocation)))
{
foreach (StoreName storeName in (StoreName) Enum.GetValues(typeof(StoreName)))
{
X509Store store = new X509Store(storeName, storeLocation);
try
{
store.Open(OpenFlags.OpenExistingOnly);
foreach (X509Certificate certificate in store.Certificates)
{
certificatesCollection.Add(certificate);
}
}
catch (CryptographicException)
{
Console.WriteLine(“No {0}, {1}”, store.Name, store.Location);
}
}
Console.WriteLine();
}
Use it during the setup of SessionProperties >
SessionProperties sessionProps = new SessionProperties()
{
Host = host,
VPNName = VPNName,
UserName = UserName,
Password = Password,
ReconnectRetries = DefaultReconnectRetries,
SSLTrustStore= certificatesCollection
};
Hope it will help the community.
Best Regards,
Franklin
Thanks @Frankee787 for sharing! This is indeed very helpful
Thanks @Frankee787 for sharing