D
Daniel Lee
My company is providing asp.net web service method to a third party company.
It's implmented using client certificate authentication over SSL. My network
manager generated a client certificate for the company. However, the company
decided to create their own. The issue is that they need to have a control
of private key.
Here is my sample for the client code:
com.inswriter.confirm.Service service = new com.inswriter.confirm.Service();
// Acknowledge the pipeline and optionally check and see that the Server
// Certificate matches what you want, in this case
// "CN=CertName"
ServicePointManager.ServerCertificateValidationCallback = delegate(Object
sender, X509Certificate cert, X509Chain chain, SslPolicyErrors err) { return
cert.Issuer.Equals(certName); };
// Attach the client certificate,
X509Certificate c = X509Certificate.CreateFromCertFile(
@"C:\CertFileDir\lynxder.cer");
service.ClientCertificates.Add(c);
// submit request (no message encryption)
string response = service.getpolicy(request);
My question is:
Does private key in the certificate involved at all in the client request?
If not, does it matter who generate the certificate?
Thanks in advance
It's implmented using client certificate authentication over SSL. My network
manager generated a client certificate for the company. However, the company
decided to create their own. The issue is that they need to have a control
of private key.
Here is my sample for the client code:
com.inswriter.confirm.Service service = new com.inswriter.confirm.Service();
// Acknowledge the pipeline and optionally check and see that the Server
// Certificate matches what you want, in this case
// "CN=CertName"
ServicePointManager.ServerCertificateValidationCallback = delegate(Object
sender, X509Certificate cert, X509Chain chain, SslPolicyErrors err) { return
cert.Issuer.Equals(certName); };
// Attach the client certificate,
X509Certificate c = X509Certificate.CreateFromCertFile(
@"C:\CertFileDir\lynxder.cer");
service.ClientCertificates.Add(c);
// submit request (no message encryption)
string response = service.getpolicy(request);
My question is:
Does private key in the certificate involved at all in the client request?
If not, does it matter who generate the certificate?
Thanks in advance