I had to do a mutual SSL authentication for peer-peer communication not localhost(from one machine to another). This is done asynchronously using Microsoft.Net Socket Communication Class along with SslStream class BeginAuthenticateAsServer and BeginAuthenticateAsClient having ValidateServerCertificate and ValidateClientCertificate callbacks. For this i have created self-signed certificates comprising of
• Root Certificate
• Server Certificate
• Client Certificate
To generate the aforementioned certificates I placed the makecert.exe and pvk2pfx.exe in a folder and then ran the below commands.
Root Certificate Creation command
-To create .cer and generate private key
makecert.exe -n "CN=abc.com" -r -pe -a sha512 -len 4096 -sky signature -cy authority -sv RootCert.pvk RootCert.cer
-To create .pfx using the .cer and private key
pvk2pfx -pvk RootCert.pvk -spc RootCert.cer -pfx RootCert.pfx -po test123
Server Certificate creation command
-To create .cer and generate private key
makecert.exe -pe -n "CN=abc.com" -a sha512 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic RootCert.cer -iv RootCert.pvk -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv ServerCert.pvk ServerCert.cer
-To create .pfx using the .cer and private key
pvk2pfx -pvk ServerCert.pvk -spc ServerCert.cer -pfx ServerCert.pfx -po test123
Client Certificate creation command
-To create .cer and generate private key
makecert.exe -pe -n "CN=abc.com" -a sha512 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -ic RootCert.cer -iv RootCert.pvk -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv ClientCert.pvk ClientCert.cer
-To create .pfx using the .cer and private key
pvk2pfx -pvk ClientCert.pvk -spc ClientCert.cer -pfx ClientCert.pfx -po test123
For mutual peer-peer authentication, where do I need to put these certificates in MMC console? Do I need to install these in The local machine store or The current user store?
Thanks in advance
