[CSHARP-658] Add support for sending Client SSL certificates Created: 15/Jan/13  Updated: 25/Jan/13  Resolved: 25/Jan/13

Status: Closed
Project: C# Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.8

Type: New Feature Priority: Major - P3
Reporter: Craig Wilson Assignee: Robert Stam
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by DRIVERS-65 SSL certificate validation testing Closed

 Description   

The server will support accepting client certificates in server 2.4. We need an api to allow a driver user to specify a certificate to send to the server.



 Comments   
Comment by auto [ 25/Jan/13 ]

Author:

{u'date': u'2013-01-25T15:01:34Z', u'email': u'robert@10gen.com', u'name': u'rstam'}

Message: CSHARP-658: Added a test certificate so SslSettingsTests pass on Mono also.
Branch: master
https://github.com/mongodb/mongo-csharp-driver/commit/20c0c3bc4ffe49abd91e861a6d92fa9741783b74

Comment by Robert Stam [ 25/Jan/13 ]

We have added a test certificate called "testcert.pfx" for the unit tests to use.

It was created using the following openssl commands:

openssl req -new -x509 -days 9999 -nodes -out testcert.pem -keyout testcert.key
openssl pkcs12 -in testcert.pem -inkey testcert.key -export -out testcert.pfx

Comment by auto [ 24/Jan/13 ]

Author:

{u'date': u'2013-01-24T18:27:17Z', u'email': u'robert@10gen.com', u'name': u'rstam'}

Message: CSHARP-658: Add support for sending client SSL certificates.
Branch: master
https://github.com/mongodb/mongo-csharp-driver/commit/7c17a7d5a7fe0bc8651aaf7be855b32521d51a8f

Comment by Robert Stam [ 16/Jan/13 ]

Here's some sample code showing how the client could provide the driver with the client side certificate for SSL:

var connectionString = "mongodb://somehost";
var clientSettings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
clientSettings.SslClientCertificate = new X509Certificate2("client.pfx", password);
clientSettings.UseSsl = true;
clientSettings.VerifySslCertificate = false; // only because the server's certificate in my testing environment was self signed
var client = new MongoClient(clientSettings);

In my testing scenario I was provided the client certificate in the form of a "client.pem" file which contained both the client certificate and the private key. I created a new "client.key" file by making a copy of "client.pem" and removing the certificate part with a text editor. I then used openssl to create the "client.pfx" file that Windows could work with:

openssl pkcs12 -in client.pem -inkey client.key -export -out client.pfx

openssl prompted for a password twice, once to read the client.key file and again to password protected the client.pfx output file.

Generated at Wed Feb 07 21:37:28 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.