and from my own hand in a recent app, at least I remembered the references:
```csharp
// Usings needed at the top of the file:
using System;
using System.Diagnostics;
using System.Net;
using System.Security.Cryptography.X509Certificates;
// Assumption: ICertificateBindingConfiguration, CertificateBindingConfiguration and
// CertificateBinding come from the SslCertBinding.Net package.
using SslCertBinding.Net;

#region Certificate Management
private object AssociateCertificate(Uri baseAddress, string certfile, string certpass)
{
    // NB: The following world of pain is why we want to switch to Kestrel - getting HTTP.sys to use a specific cert is awful.

    // Load the cert..
    // Always ensure the private key is exportable & correctly persisted, thanks Windows:
    // https://stackoverflow.com/questions/13076915/ssl-certificate-add-failed-when-binding-to-port
    // https://stackoverflow.com/questions/4198493/x509certificate2-has-private-key-not-exportable
    // https://stackoverflow.com/questions/10498580/private-keys-get-deleted-unexpectedly-in-windows-server-2008-r2
    X509Certificate2 x509 = new X509Certificate2(certfile, certpass, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet);

    // Ensure it's persisted in the right store (LocalMachine\My)
    // NB: We cannot do this without being an administrative account, but then we can't listen for HTTP either, thanks Windows:
    X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadWrite);
    if (!store.Certificates.Contains(x509))
    {
        Trace.WriteLine("Adding cert to store");
        store.Add(x509);
    }
    store.Close();

    // re-bind it to the listen port - always remove then add, thanks Windows: https://github.com/PKISharp/win-acme/issues/371
    ICertificateBindingConfiguration config = new CertificateBindingConfiguration();
    Guid appId = System.Runtime.InteropServices.Marshal.GetTypeLibGuidForAssembly(System.Reflection.Assembly.GetExecutingAssembly());
    IPEndPoint ep = new IPEndPoint(0, baseAddress.Port); // address 0 = 0.0.0.0, i.e. all interfaces
    // Best-effort removal of any existing binding; failures here are deliberately ignored.
    try { if (config.Query(ep) != null) config.Delete(ep); } catch { }
    config.Bind(new CertificateBinding(x509.Thumbprint, StoreName.My, ep, appId));
    return baseAddress;
}
#endregion
```
There is a classic SO thread with many, many fine examples:
stackoverflow.com/questions/184618...
I love a good doco in the code