SSL/TLS - Issue in finding Certificates


I am testing the example given in the link below.

https://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx

To generate certificates I am using the one with 40 useful answers: "SSLStream example - how do I get certificates that work?"

To run the server I am using command SslTcpServer.exe TempCert.cer

Below is the code from msdn where I am facing problem.

    public static int Main(string[] args)
    {
        string serverCertificateName = null;
        string machineName = null;
        if (args == null || args.Length < 1)
        {
            DisplayUsage();
        }
        // User can specify the machine name and server name.
        // Server name must match the name on the server's certificate.
        machineName = args[0];
        if (args.Length < 2)
        {
            serverCertificateName = machineName;
        }
        else
        {
            serverCertificateName = args[1];
        }
        SslTcpClient.RunClient(machineName, serverCertificateName);
        return 0;
    }

I get the below error when calling X509Certificate.CreateFromCertFile: System.Security.Cryptography.CryptographicException: 'The system cannot find the file specified.'

    public static void RunServer(string certificate)
    {
        serverCertificate = X509Certificate.CreateFromCertFile(certificate);
        // Create a TCP/IP (IPv4) socket and listen for incoming connections.
        //serverCertificate = new X509Certificate2(certificate,"");
    }

serverCertificateName is passed as an argument. Should it be just the name of the certificate, or should I give the full path of the certificate?

If I give the path of the certificate it is working fine. Then what is the point in installing the certificates in the store? How can I get it from the store and use it?


There are 1 answers

James On

Here is some code that will return a list of the host names supported by installed certificates (that's a little more than you wanted, but should point you in the right direction):

        using System;
        using System.Collections.Generic;
        using System.Security.Cryptography.X509Certificates;

        public static class CertificateNames
        {
            public static HashSet<string> GetInstalledCertificateHostNames()
            {
                HashSet<string> certificateNames = new HashSet<string>();
                // With only a StoreLocation, X509Store opens the "My" (Personal) store.
                X509Store store = new X509Store(StoreLocation.LocalMachine);
                store.Open(OpenFlags.ReadOnly);
                try
                {
                    foreach (X509Certificate2 mCert in store.Certificates)
                    {
                        // is this a UCC certificate? (2.5.29.17 = Subject Alternative Name)
                        X509Extension uccSan = mCert.Extensions["2.5.29.17"];
                        if (uccSan != null)
                        {
                            // Format(true) returns one "name=value" entry per line.
                            foreach (string nvp in uccSan.Format(true).Split(new string[] { Environment.NewLine }, StringSplitOptions.RemoveEmptyEntries))
                            {
                                string[] parts = nvp.Split('=');
                                if (parts.Length < 2) continue; // no value on this line
                                string name = parts[0];
                                string value = parts[1];
                                if (String.Equals(name, "DNS Name", StringComparison.InvariantCultureIgnoreCase))
                                {
                                    certificateNames.Add(value.ToLowerInvariant());
                                }
                            }
                        }
                        else // just a regular certificate--add the single name
                        {
                            string certificateHost = mCert.GetNameInfo(X509NameType.SimpleName, false);
                            certificateNames.Add(certificateHost.ToLowerInvariant());
                        }
                    }
                }
                finally
                {
                    store.Close(); // release the store handle
                }
                return certificateNames;
            }
        }
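
X509Certificate.CreateFromCertFile reads a file from disk and never consults the certificate store, which is why only a path works in the question. The following added example (not part of the answer above or of the MSDN sample) loads a server certificate from the store by subject name and checks that it has a private key; the class and method names and the "localhost" default are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper; the names here are assumptions, not from the MSDN sample.
public static class StoreCertificateLoader
{
    // Returns the latest-expiring certificate in the given store whose subject
    // contains subjectName and that has an associated private key.
    public static X509Certificate2 FindServerCertificate(
        string subjectName, StoreName storeName, StoreLocation location, bool validOnly)
    {
        X509Store store = new X509Store(storeName, location);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // FindBySubjectName is a case-insensitive substring match, so it can
            // return several certificates; FindByThumbprint pins exactly one.
            // validOnly = true drops expired certificates and untrusted chains.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, validOnly);
            X509Certificate2 best = null;
            foreach (X509Certificate2 candidate in matches)
            {
                // A certificate imported from a .cer file alone carries no private key.
                if (!candidate.HasPrivateKey) continue;
                if (best == null || candidate.NotAfter > best.NotAfter) best = candidate;
            }
            if (best == null)
                throw new InvalidOperationException("No certificate with a private key matches '" + subjectName + "'.");
            return best;
        }
        finally
        {
            store.Close();
        }
    }

    public static void Main(string[] args)
    {
        // "localhost" is a constructed default; pass the subject (CN) of your certificate.
        string subject = args.Length > 0 ? args[0] : "localhost";
        // validOnly = false so an untrusted self-signed test certificate is still found.
        X509Certificate2 cert = FindServerCertificate(
            subject, StoreName.My, StoreLocation.LocalMachine, false);
        Console.WriteLine("{0}  {1}", cert.Thumbprint, cert.Subject);
        // cert can now be passed to SslStream.AuthenticateAsServer in place of the
        // certificate returned by X509Certificate.CreateFromCertFile.
    }
}
```

Outside of testing, pass `true` for `validOnly` and select by thumbprint so that an expired or look-alike certificate in the store cannot be picked up.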