Thursday, June 16, 2011

SSL Communication Between Applications

Summary

This post shows, step by step, how to create a self-signed certificate and how to configure an SSL connection. The example then implements HTTPS client-server communication using Eneter.Messaging.Framework.


Introduction

SSL (Secure Sockets Layer) is a standard security protocol that verifies the identity of the communicating parties and establishes an encrypted channel between them.
Here is how the communication works (when only the server is certified):
1. The client connects to the server and asks for its digital certificate.
2. The client verifies the received certificate (i.e. whether it was issued by a trusted authority, whether the domain named in the certificate matches the domain that sent it, ...).
3. The client creates a session key, encrypts it with the public key from the received certificate and sends it to the server.
4. The server decrypts the session key received from the client and uses it to encrypt the content it sends to the client.
5. The client uses the same session key to decrypt the content received from the server.


Digital Certificate

A digital certificate is like an ID card: it identifies its owner. And just as in the real world, where an ID card is accepted only if it was issued by a trusted authority (a driver's license I printed myself would probably not be accepted by a policeman), a digital certificate is accepted only if it was issued by a trusted authority.
Therefore, it is important to check whether the "ID card" can be accepted, i.e. whether the digital certificate was issued (digitally signed) by a trusted authority. For communication over the public Internet, the certificate is typically issued by a third-party authority that both sides trust (e.g. Verisign).


Self Signed Certificate

If the certificate does not have to be issued (digitally signed) by a trusted third-party authority (e.g. for testing purposes or for use on an internal intranet), we can generate our own self-signed certificate.

1. Create Certificate
Open the Visual Studio command prompt with Administrator privileges and execute:
makecert -r -n "CN=127.0.0.1" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -sky exchange
(-r creates a self-signed certificate; -n sets its subject name; -eku 1.3.6.1.5.5.7.3.1 marks it for server authentication; -ss my -sr localmachine stores it in the Personal store of the local machine; -sky exchange creates a key usable for key exchange. Instead of 127.0.0.1, you can use your IP address or the domain name. The name must match what clients will connect to, otherwise certificate verification fails.
More information about 'makecert' can be found here.)

2. Configure the certificate to be trusted
Run mmc from the command prompt.
Choose 'Add/Remove Snap-in...'
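As an added example (not code from the original post and not Eneter.Messaging.Framework code), here is the handshake described in the Introduction and the certificate from steps 1 and 2 exercised with .NET's SslStream: the server presents the makecert certificate found in LocalMachine\My by its CN (127.0.0.1), and the client's validation callback accepts it only when Windows already trusts it (step 2) and the name matches. The port 8443 and the exchanged message texts are assumptions.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
class SslDemo
{
    const string ServerName = "127.0.0.1"; const int Port = 8443; // CN from step 1; assumed free port
    // Step 1 stored the certificate in LocalMachine\My (makecert -ss my -sr localmachine).
    static X509Certificate2 LoadServerCert()
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(X509FindType.FindBySubjectName, ServerName, false);
        store.Close();
        return found.Count > 0 ? found[0] : throw new InvalidOperationException("no cert for CN=" + ServerName);
    }
    // Client-side check: accept only when the chain builds to a trusted root (step 2) and the name matches.
    static bool ValidateServerCert(object s, X509Certificate c, X509Chain ch, SslPolicyErrors errors)
    {
        if (errors != SslPolicyErrors.None) Console.WriteLine("Rejected server certificate: " + errors);
        return errors == SslPolicyErrors.None; // e.g. RemoteCertificateChainErrors when step 2 was skipped
    }
    static async Task RunServer(X509Certificate2 cert)
    {
        var listener = new TcpListener(IPAddress.Loopback, Port);
        listener.Start();
        using (var client = await listener.AcceptTcpClientAsync())
        using (var ssl = new SslStream(client.GetStream(), false))
        {
            ssl.AuthenticateAsServer(cert); // presents the certificate; the session key is negotiated here
            var w = new StreamWriter(ssl) { AutoFlush = true };
            w.WriteLine("hello " + new StreamReader(ssl).ReadLine()); // content encrypted with the session key
        }
        listener.Stop();
    }
    static void Main()
    {
        Task server = RunServer(LoadServerCert()); // runs synchronously until it blocks waiting for a client
        using (var tcp = new TcpClient(ServerName, Port))
        using (var ssl = new SslStream(tcp.GetStream(), false, ValidateServerCert))
        {
            ssl.AuthenticateAsClient(ServerName); // throws AuthenticationException when the callback rejects
            var w = new StreamWriter(ssl) { AutoFlush = true };
            w.WriteLine("client");
            Console.WriteLine(new StreamReader(ssl).ReadLine()); // prints "hello client"
        }
        server.Wait();
    }
}
```

Run it once before and once after completing step 2 to see the callback reject the untrusted self-signed certificate and then accept it; returning true from the callback regardless of the errors would silently accept any certificate.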


Read more: Codeproject