How to develop secure .NET applications using Server SSL Certificates and Client Certificates – PART 3

February 20, 2009 - 4:43 pm

The following article is part 3 in a 4 part series of articles about developing .NET applications using SSL. Part 1 in this series can be found here and part 2 can be found here.


Installing Certificates into the correct Certificate Stores

Applications depend heavily on server SSL and client certificates being installed in the correct certificate stores. Certificates may need to be copied and pasted or exported and imported into stores in order to get the systems correctly working together in a secure manner.


Client application (with client certificate):

  1. Local Computer > Trusted Root Authority store should contain the Root CA certificate of the Server SSL Certificate Issuer of the Web application.
  2. Current User > Personal store should contain the Client Certificate for the Client application.
  3. Current User > Trusted Root Authority store should contain the Root CA certificate of the Client Certificate Issuer of the Client application.

Web application (with server SSL certificate):
  1. Local Computer > Personal store should contain the Server SSL Certificate for the Web application.
  2. Local Computer > Trusted Root Authority store should contain the Root CA certificate of the Server SSL Certificate Issuer of the Web application.
  3. Local Computer > Trusted Root Authority store should contain the Root CA certificate of the Client Certificate Issuer of the Client application.
  4. Current User > Trusted Root Authority store should contain the Root CA certificate of the Client Certificate Issuer of the Client application.

How to verify the above certificates are in the correct locations:
  1. From the Start menu, select Run, type “mmc” and click OK. This will open the Microsoft Management Console.
  2. Click on the File menu option then on “Add/Remove Snap-in”.
  3. In the Add/Remove Snap-in dialog, click the Add button.
  4. From the Add Standalone Snap-in dialog, select “Certificates” from the list of snap-ins, and click Add.
  5. Select the “Computer account” option and click Add. Select “Local computer” and click Finish.
  6. If you are logged in as the user that will be used to run the client application, add the “My user account” as well.
  7. Now you will be able to look through the Certificates that are installed in all the different stores.
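
The same placement check can be scripted through PowerShell's built-in Cert: drive. The script below is an added example, not part of the original article: the thumbprints are placeholders to replace with your own certificates' values, `Test-CertificatePlacement` is a hypothetical helper name, and the private-key and expiry checks go beyond the lists above.

```powershell
# Added example. Run it as the user account that runs the application,
# because the CurrentUser stores belong to the logged-in user.
# Thumbprints are placeholders; copy the real values from each certificate's Details tab.
$clientChecks = @(
    @{ Role = 'Root CA of server SSL issuer';  Location = 'LocalMachine'; Store = 'Root'; Thumbprint = '<SERVER-ROOT-CA-THUMBPRINT>'; NeedsKey = $false },
    @{ Role = 'Client certificate';            Location = 'CurrentUser';  Store = 'My';   Thumbprint = '<CLIENT-CERT-THUMBPRINT>';    NeedsKey = $true  },
    @{ Role = 'Root CA of client cert issuer'; Location = 'CurrentUser';  Store = 'Root'; Thumbprint = '<CLIENT-ROOT-CA-THUMBPRINT>'; NeedsKey = $false }
)
$serverChecks = @(
    @{ Role = 'Server SSL certificate';        Location = 'LocalMachine'; Store = 'My';   Thumbprint = '<SERVER-CERT-THUMBPRINT>';    NeedsKey = $true  },
    @{ Role = 'Root CA of server SSL issuer';  Location = 'LocalMachine'; Store = 'Root'; Thumbprint = '<SERVER-ROOT-CA-THUMBPRINT>'; NeedsKey = $false },
    @{ Role = 'Root CA of client cert issuer'; Location = 'LocalMachine'; Store = 'Root'; Thumbprint = '<CLIENT-ROOT-CA-THUMBPRINT>'; NeedsKey = $false },
    @{ Role = 'Root CA of client cert issuer'; Location = 'CurrentUser';  Store = 'Root'; Thumbprint = '<CLIENT-ROOT-CA-THUMBPRINT>'; NeedsKey = $false }
)

function Test-CertificatePlacement {
    param([hashtable[]]$Checks)
    foreach ($c in $Checks) {
        # 'My' is the Personal store, 'Root' is the trusted root store.
        $path  = "Cert:\$($c.Location)\$($c.Store)"
        # Thumbprints copied from the certificate dialog often contain spaces.
        $thumb = $c.Thumbprint -replace '\s', ''
        $cert  = Get-ChildItem -Path $path |
                 Where-Object { $_.Thumbprint -eq $thumb } |
                 Select-Object -First 1

        $status = if (-not $cert) { 'MISSING' }
                  elseif ($c.NeedsKey -and -not $cert.HasPrivateKey) { 'NO PRIVATE KEY' }
                  elseif ($cert.NotAfter -lt (Get-Date)) { 'EXPIRED' }
                  else { 'OK' }
        $subject = if ($cert) { $cert.Subject } else { '' }

        [pscustomobject]@{
            Role    = $c.Role
            Store   = $path
            Status  = $status
            Subject = $subject
        }
    }
}

# On the client machine:
Test-CertificatePlacement -Checks $clientChecks | Format-Table -AutoSize
# On the web server:
# Test-CertificatePlacement -Checks $serverChecks | Format-Table -AutoSize
```

A certificate that is present but reported as NO PRIVATE KEY was typically imported from a .cer file rather than a .pfx, and cannot be used to authenticate.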