I want to read sslClientStream and it needs AuthenticateAsServer, but I'm looking for another way to read sslClientStream without AuthenticateAsServer. I'm a newbie in the TLS/SSL subject. Thanks for any help.
-
You might want to tell us why you don't want that. – Ralf Nov 03 '22 at 09:19
-
@Ralf because if I use AuthenticateAsServer, I need a certificate with a private key in it; my certificate does not have a private key in it. – TBT Nov 03 '22 at 12:55
-
Then you aren't the server in this communication? Use AuthenticateAsClient then. If you want to check on the client that the server provides the correct certificate and not just that it is valid, you can use the RemoteCertificateValidationCallback delegate that you can provide when creating the SSLStream. – Ralf Nov 03 '22 at 14:42
-
@Ralf actually I am the server. – TBT Nov 03 '22 at 19:06
-
Then your cert must have a private key. Without that the security thing would be useless anyway. – Ralf Nov 03 '22 at 19:08
-
@Ralf the private key is in an HSM and it's not extractable. Because of this situation I am looking for a solution. – TBT Nov 04 '22 at 04:38
-
You might want to ask another, more focused question, explicitly about how to use the HSM you have. Typical usage is to let the HSM sign a certificate and then use that certificate further on. But how, what, when and with what API is up to the manufacturer of the hardware and what driver they provided on the OS you use. – Ralf Nov 04 '22 at 08:23
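
An added example, not part of the original thread or any vendor's code: a server-side `SslStream` that authenticates with a certificate whose private key never leaves the HSM. It assumes Windows, that the HSM vendor's key storage provider is installed, and that the certificate in `LocalMachine\My` is already linked to the HSM key; the thumbprint placeholder, port and class name are hypothetical.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

class HsmBackedTlsServer
{
    // Placeholder: thumbprint of the server certificate installed in the store.
    const string Thumbprint = "<SERVER-CERT-THUMBPRINT>";

    static X509Certificate2 LoadServerCertificate()
    {
        using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(
            X509FindType.FindByThumbprint, Thumbprint, validOnly: false);
        if (found.Count == 0)
            throw new InvalidOperationException("Certificate not found in LocalMachine\\My.");
        var cert = found[0];
        // HasPrivateKey is true when the store entry is linked to a key,
        // including a non-exportable one held by a provider.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate is not linked to a private key.");
        return cert;
    }

    static void Main()
    {
        var cert = LoadServerCertificate();
        var listener = new TcpListener(IPAddress.Loopback, 8443); // port is an assumption
        listener.Start();
        using var client = listener.AcceptTcpClient();
        using var sslClientStream = new SslStream(client.GetStream(), leaveInnerStreamOpen: false);
        // The handshake asks the key's provider to sign; the key bytes are never read here.
        sslClientStream.AuthenticateAsServer(cert, clientCertificateRequired: false,
            enabledSslProtocols: SslProtocols.None, checkCertificateRevocation: false);
        var buffer = new byte[4096];
        int n = sslClientStream.Read(buffer, 0, buffer.Length);
        Console.WriteLine($"Read {n} decrypted bytes over {sslClientStream.SslProtocol}");
        listener.Stop();
    }
}
```

If `HasPrivateKey` is false, the certificate was imported without its link to the key container, and `AuthenticateAsServer` will fail in the same way as with a certificate file that lacks a key.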