Who is responsible for creating client certificate?

Discussion in 'ASP .Net Web Services' started by Daniel Lee, Jul 29, 2006.

  1. Daniel Lee

    Daniel Lee Guest

    My company is providing an asp.net web service method to a third party company.
    It's implemented using client certificate authentication over SSL. My network
    manager generated a client certificate for the company. However, the company
    decided to create their own. The issue is that they need to have control
    of the private key.

    Here is my sample for the client code:

    com.inswriter.confirm.Service service = new com.inswriter.confirm.Service();

    // Acknowledge the pipeline and optionally check and see that the Server
    // Certificate matches what you want, in this case
    // "CN=CertName"
    // Reject the certificate if the platform's own chain validation reported
    // any error, then apply the issuer check on top of that.
    ServicePointManager.ServerCertificateValidationCallback =
        delegate(Object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors err)
        {
            return err == SslPolicyErrors.None && cert.Issuer.Equals(certName);
        };

    // Attach the client certificate,
    X509Certificate c = X509Certificate.CreateFromCertFile(
        @"C:\CertFileDir\lynxder.cer");

    service.ClientCertificates.Add(c);

    // submit request (no message encryption)
    string response = service.getpolicy(request);


    My question is:
    Is the private key in the certificate involved at all in the client request?
    If not, does it matter who generates the certificate?


    Thanks in advance
    Daniel Lee, Jul 29, 2006
    #1

  2. Daniel Lee

    Techno_Dex Guest

    The idea behind a certificate is there is a public and a private key. You
    can sign your data with your cert's private key and someone on the other end
    with your public key can validate your signed data packet. Certificates are
    based on trust, so as long as you trust the certificate authority chain then
    all is good. In theory, both sides can each have a certificate, then you
    both exchange your public keys which allow you to each sign your data with
    your own private key then validate (unencrypt, etc.) with the public key.

    "Daniel Lee" <Daniel > wrote in message
    news:...
    > My company is providing asp.net web service method to a third party
    > company.
    > It's implemented using client certificate authentication over SSL. My
    > network
    > manager generated a client certificate for the company. However, the
    > company
    > decided to create their own. The issue is that they need to have a
    > control
    > of private key.
    >
    > Here is my sample for the client code:
    >
    > com.inswriter.confirm.Service service = new
    > com.inswriter.confirm.Service();
    >
    > // Acknowledge the pipeline and optionally check and see that the Server
    > // Certificate matches what you want, in this case
    > // "CN=CertName"
    >
    > ServicePointManager.ServerCertificateValidationCallback = delegate(Object
    > sender, X509Certificate cert, X509Chain chain, SslPolicyErrors err) {
    > return
    > cert.Issuer.Equals(certName); };
    >
    > // Attach the client certificate,
    > X509Certificate c = X509Certificate.CreateFromCertFile(
    > @"C:\CertFileDir\lynxder.cer");
    >
    > service.ClientCertificates.Add(c);
    >
    > // submit request (no message encryption)
    > string response = service.getpolicy(request);
    >
    >
    > My question is:
    > Does private key in the certificate involved at all in the client request?
    > If not, does it matter who generate the certificate?
    >
    >
    > Thanks in advance
    >
    >
    Techno_Dex, Jul 31, 2006
    #2

  3. Daniel Lee

    Daniel Lee Guest

    Thanks Techno_Dex. Somehow I did not get email notification.

    If I use a client certificate (the .der file), does it mean the client only
    contains the public key and will use it for authentication purposes?

    Thanks

    "Techno_Dex" wrote:

    > The idea behind a certificate is there is a public and a private key. You
    > can sign your data with your cert's private key and someone on the other end
    > with your public key can validate your signed data packet. Certificates are
    > based on trust, so as long as you trust the certificate authority chain then
    > all is good. In theory, both sides can each have a certificate, then you
    > both exchange your public keys which allow you to each sign your data with
    > your own private key then validate (unencrypt, etc.) with the public key.
    >
    > "Daniel Lee" <Daniel > wrote in message
    > news:...
    > > My company is providing asp.net web service method to a third party
    > > company.
    > > It's implemented using client certificate authentication over SSL. My
    > > network
    > > manager generated a client certificate for the company. However, the
    > > company
    > > decided to create their own. The issue is that they need to have a
    > > control
    > > of private key.
    > >
    > > Here is my sample for the client code:
    > >
    > > com.inswriter.confirm.Service service = new
    > > com.inswriter.confirm.Service();
    > >
    > > // Acknowledge the pipeline and optionally check and see that the Server
    > > // Certificate matches what you want, in this case
    > > // "CN=CertName"
    > >
    > > ServicePointManager.ServerCertificateValidationCallback = delegate(Object
    > > sender, X509Certificate cert, X509Chain chain, SslPolicyErrors err) {
    > > return
    > > cert.Issuer.Equals(certName); };
    > >
    > > // Attach the client certificate,
    > > X509Certificate c = X509Certificate.CreateFromCertFile(
    > > @"C:\CertFileDir\lynxder.cer");
    > >
    > > service.ClientCertificates.Add(c);
    > >
    > > // submit request (no message encryption)
    > > string response = service.getpolicy(request);
    > >
    > >
    > > My question is:
    > > Does private key in the certificate involved at all in the client request?
    > > If not, does it matter who generate the certificate?
    > >
    > >
    > > Thanks in advance
    > >
    > >

    Daniel Lee, Aug 16, 2006
    #3
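
An added example, not part of any post in this thread: it shows the sign-with-private-key, verify-with-public-key step described in reply #2 and what a public-only `.cer`/`.der` file, as asked about in #3, does and does not contain. In TLS client authentication the client signs handshake data with its private key; the constructed byte string below stands in for that data. The subject name is made up, and a current .NET SDK (C# 8 or later) is assumed.

```csharp
// Added example; names and sample data are constructed for illustration.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ClientCertKeyDemo
{
    static void Main()
    {
        // The party that will authenticate generates the key pair locally.
        using RSA clientKey = RSA.Create(2048);
        var request = new CertificateRequest(
            "CN=example-client",            // constructed subject name
            clientKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // A PKCS#10 signing request carries only the public key, so it can be
        // handed to whoever runs the CA without exposing the private key.
        byte[] csr = request.CreateSigningRequest();
        Console.WriteLine($"CSR bytes to send to the issuer: {csr.Length}");

        // Self-signed only to keep the demo offline; a real CA would issue it.
        using X509Certificate2 withKey = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        // Exporting as X509ContentType.Cert yields what a .cer/.der file holds.
        using var publicOnly = new X509Certificate2(withKey.Export(X509ContentType.Cert));
        Console.WriteLine($"cert + key HasPrivateKey: {withKey.HasPrivateKey}");
        Console.WriteLine($".cer only  HasPrivateKey: {publicOnly.HasPrivateKey}");

        // Stand-in for the handshake data a TLS client signs to prove possession.
        byte[] challenge = Encoding.UTF8.GetBytes("constructed handshake transcript");

        using RSA signer = withKey.GetRSAPrivateKey();
        byte[] signature = signer.SignData(
            challenge, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // The verifying side needs only the public key from the certificate.
        using RSA verifier = publicOnly.GetRSAPublicKey();
        bool verified = verifier.VerifyData(
            challenge, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine($"signature verifies with public key: {verified}");

        // With the .cer alone there is no key available to sign with.
        using RSA missing = publicOnly.GetRSAPrivateKey();
        Console.WriteLine($"private key from .cer: {(missing == null ? "none" : "present")}");
    }
}
```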
