-1

I've been trying to pass a custom cert within a class function and I'm clearly doing something wrong because it fails on handshake. Please see the code below.

    Public Shared Async Function RevealViaForwardProxy(ByVal redactData As String) As Task(Of String)
        Dim proxy = New WebProxy($"http://{forwardProxy}")
        ' Loaded from the PEM file; not referenced again in this function.
        Dim cert As X509Certificate = X509Certificate.CreateFromCertFile("c:/Users/User/vb/cert.pem")
        Dim credentials = New NetworkCredential(username, password)
        proxy.Credentials = credentials
        Dim handler = New HttpClientHandler()
        handler.Proxy = proxy
        ' BaseAddress and PostAsync are members of HttpClient, so the handler is wrapped in one.
        Dim client = New HttpClient(handler)
        client.BaseAddress = New Uri("https://httpbin.org/")
        Dim response = Await client.PostAsync("/post", New StringContent(redactData))
        Dim responseBody = Await response.Content.ReadAsStringAsync
        Return JObject.Parse(responseBody)("data").ToObject(Of String)
    End Function

For example in Python I would do it like so for someone looking for more context/understanding of all I want to do:

    import requests

    def reveal_via_forward_proxy(tokenized_data):
        r = requests.post(
            'https://httpbin.org/post',
            data=tokenized_data,
            headers={"Content-type": "application/json"},
            proxies={"https": "https://{}:{}@{}".format(username, password, forward_proxy)},
            verify='cert.pem'  # CA bundle used to verify the server side of the TLS connection
        )
        assert r.status_code == 200
        return r.json()['data']

Joe
  • Any specific error you can provide? "c:/Users/User/vb/cert.pem" seems fishy...maybe try "c:\Users\User\vb\cert.pem" – NoAlias Nov 06 '17 at 19:42

1 Answer

1

I think you have a couple of issues to solve here.

  1. While you may be able to load the PEM file, that is not a complete certificate and will not work as a client cert. You need a cert file with both a public and private key, e.g. a P12 or PFX.
  2. You are not assigning your cert to the web request. I don't have much experience with the HttpClientHandler but from the docs, it appears you would cast the HttpClientHandler to a WebRequestHandler which has the ClientCertificates property.

Edit for clarity - Please read the comments below for the correct answer, based on the Python code. A client certificate and the above is not required. The cert only needs to be trusted.

GMan80013
  • I believe for this particular cert the public key is already on the proxy. If I recall correctly. – Joe Nov 06 '17 at 20:11
  • @Joe, it doesn't really matter. If you are transmitting a message and need to include a client certificate, then the sending system needs to have the public and private keys, and further, for this function to work it needs to be in one file. – GMan80013 Nov 06 '17 at 20:34
  • I'm probably misunderstanding it as a client cert when it's actually a root cert because it works in my Python request when I set it as a root cert. – Joe Nov 06 '17 at 21:20
  • This changes things a little. I believe the Python verify property is only for checking the server side. This is different in Windows + VB. You just need to install the certificate in your Windows store, in Trusted Root Certification Authorities. Then this cert is trusted. If this doesn't work, please post the error you are getting. – GMan80013 Nov 06 '17 at 21:30
  • I will try this and report back. – Joe Nov 07 '17 at 00:02
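
One way to get the effect of Python's `verify='cert.pem'` in VB without installing the certificate in the machine-wide Trusted Root store, as an added example that is not part of the original question, answer or comments. It assumes .NET 5 or later (for `X509ChainTrustMode.CustomRootTrust`) and that `cert.pem` holds the CA certificate; the module and function names are hypothetical.

```vb
Imports System.Net
Imports System.Net.Http
Imports System.Net.Security
Imports System.Security.Cryptography.X509Certificates
Imports System.Threading.Tasks

Public Module ForwardProxyClient
    ' Hypothetical helper: an HttpClient that goes through the authenticated proxy and
    ' accepts a server certificate only if it chains to the CA stored in caPemPath.
    Public Function CreateClient(proxyHost As String, user As String, pass As String,
                                 caPemPath As String) As HttpClient
        ' The constructor reads a PEM or DER certificate (public part only).
        Dim trustedRoot As New X509Certificate2(caPemPath)
        Dim handler As New HttpClientHandler() With {
            .UseProxy = True,
            .Proxy = New WebProxy($"http://{proxyHost}") With {
                .Credentials = New NetworkCredential(user, pass)}
        }
        handler.ServerCertificateCustomValidationCallback =
            Function(request, serverCert, defaultChain, errors)
                If serverCert Is Nothing Then Return False
                ' Only an untrusted-chain error may be re-examined against our CA;
                ' a host name mismatch or a missing certificate is always rejected.
                If (errors And Not SslPolicyErrors.RemoteCertificateChainErrors) <> SslPolicyErrors.None Then Return False
                Using chain As New X509Chain()
                    chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust
                    chain.ChainPolicy.CustomTrustStore.Add(trustedRoot)
                    ' Assumption: a private CA without a reachable CRL/OCSP endpoint.
                    chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck
                    If defaultChain IsNot Nothing Then
                        ' Reuse intermediates the server sent during the handshake.
                        For Each element In defaultChain.ChainElements
                            chain.ChainPolicy.ExtraStore.Add(element.Certificate)
                        Next
                    End If
                    Return chain.Build(serverCert)
                End Using
            End Function
        Return New HttpClient(handler) With {.BaseAddress = New Uri("https://httpbin.org/")}
    End Function

    ' Posts the payload and returns the raw response body.
    Public Async Function PostViaProxyAsync(client As HttpClient, payload As String) As Task(Of String)
        Dim response = Await client.PostAsync("/post", New StringContent(payload))
        response.EnsureSuccessStatusCode()
        Return Await response.Content.ReadAsStringAsync()
    End Function
End Module
```

The callback never returns `True` unconditionally, so a certificate that does not chain to the supplied CA still fails the handshake.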