|
Rank: Newbie Groups: Member
Joined: 5/26/2015 Posts: 1
|
Hi,
We are evaluating the EO Browser control and it looks good.
We are facing certain challenges using the EO Browser control, especially with mutual authentication.
We have a client certificate of type (.pfx) which needs to be passed to the EO Browser control in the NeedClientCertificate. This is of type X509Certificate2 in .NET.
Currently when we pass the certificate, it looks like it is converting it to X509Certificate and hence loses the private key when assigned with the Continue method.
With this approach, it looks like the certificate needs to be added to the Windows store for the client authentication to work.
How can we solve this issue so that I can use the certificate with private key directly with the EO Browser without adding the certificate to the Windows store?
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,229
|
Hi,
Currently there is no way for you to do that. We can add a new method that would allow you to pass the raw certificate data directly to the browser engine. We will let you know as soon as we have a test build for you.
Thanks!
|
|
Rank: Member Groups: Member
Joined: 8/5/2015 Posts: 12
|
Hi,
We are evaluating the EO Browser control. We have used the newly added method "Continue(byte[] rawcertData)" to pass the raw certificate in order to avoid the certificate store. When we convert the X509Certificate2 to a byte array with private key and pass it to the Continue method, it gives a bad client cert data error with the code -135.
How can we solve this issue so that I can use the certificate array with private key directly with the EO Browser "Continue(byte[] rawcertData)" method? Please provide some sample code. Here is the code which we tried:
Code: C#
X509Certificate2 cert = new X509Certificate2(fileDG.FileName, "xawwew", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
var PFXByteArray = cert.Export(X509ContentType.Pfx);
e.Continue(PFXByteArray);
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,229
|
Hi,
Error code -135 is ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY. You can try the code in this link and see if it works for you: http://stackoverflow.com/questions/9810887/export-x509certificate2-to-byte-array-with-the-private-key
Thanks!
|
|
Rank: Member Groups: Member
Joined: 8/5/2015 Posts: 12
|
Hi,
We tried the same, and passing the certificate byte array with private key to the Continue method gives a -117 error (ERR_BAD_SSL_CLIENT_AUTH_CERT).
How can we solve this issue so that I can use the certificate array with private key directly with the EO Browser "Continue(byte[] rawcertData)" method? Here is the code which we tried:
Code: C#
X509Certificate2 cert = new X509Certificate2(certificateFileName, "Pass", X509KeyStorageFlags.Exportable|X509KeyStorageFlags.PersistKeySet);
var pfxCertBytes = cert.Export(X509ContentType.Pkcs12);
e.Continue(pfxCertBytes);
The above code gives a -117 error (ERR_BAD_SSL_CLIENT_AUTH_CERT). We also tried the method below, which gives the same -117 error (ERR_BAD_SSL_CLIENT_AUTH_CERT):
Code: C#
pfxCertBytes = cert.Export(X509ContentType.Pfx);
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,229
|
Hi,
Can you send us a test certificate as well as the server Url that you use to test the certificate so that we can debug it here? See here for our email address: http://www.essentialobjects.com/forum/test_project.aspx
Thanks!
|
|
Rank: Member Groups: Member
Joined: 8/5/2015 Posts: 12
|
Hi,
We have sent the test certificate via email with the subject "Test Certificate for the thread 37951". We used a localhost Apache Tomcat server with client certificate authentication enabled for testing, so we don't have any server URL.
Thanks!
|
|
Rank: Member Groups: Member
Joined: 8/5/2015 Posts: 12
|
Hi,
Is there any update on this? Please let us know if you need anything.
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,229
|
Hi,
I apologize for the delay. This is just to let you know that we are still working on it. The code in the browser engine calls Windows API CertAddEncodedCertificateToStore to load the certificate data, however this function does not take PKCS#12 format (which contains private key). So I am not sure how this works. We will continue researching and reply again if we find anything.
Thanks
|
|
Rank: Member Groups: Member
Joined: 8/5/2015 Posts: 12
|
Hi, Is there any update on this?
|
|
Rank: Member Groups: Member
Joined: 8/5/2015 Posts: 12
|
Please check the link below for some information about storing the certificate with private key: http://stackoverflow.com/questions/7273231/creating-a-temporary-client-certificate-including-a-private-key
Let us know if there is any update on this. This is a blocker issue for us to proceed further. Thanks!
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,229
|
Thanks for the additional information. We have revisited this issue thoroughly and should have an update build soon (possibly next week) that would support this. We would add an overloaded version of the Continue method that would take two parameters: both the binary certificate data and the password. That version will allow you to use your own custom PKCS#12 certificate file. We will post here again when the new build is available.
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,229
|
Hi,
This is just to let you know that we have posted a new build that supports PKCS#12. In your NeedClientCertificate event handler you will need to call e.Continue(certificate_data, certificate_password) in order to supply the PKCS#12 certificate. This version of Continue with a password is new in this build. Note that in order to use a client certificate, the CA that is used to sign the certificate must be a trusted CA by the server so that the server can verify the certificate.
Please see your private message for the download location of the new build.
Thanks!
|
|
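A pre-flight check for the PKCS#12 data handed to e.Continue(certificate_data, certificate_password), added here as an example; it is not code from the thread or from Essential Objects. The ClientCertLoader class, its method name and the file path are hypothetical, and .NET Framework 4.6 or later is assumed (X509Certificate2 is disposable there).

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not part of EO.WebBrowser.
static class ClientCertLoader
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    const string AnyEkuOid = "2.5.29.37.0";           // anyExtendedKeyUsage

    // Returns the raw PKCS#12 bytes after checking locally that they are usable
    // for TLS client authentication. Throws CryptographicException on a wrong
    // password or malformed file, InvalidOperationException on a failed check.
    public static byte[] LoadPkcs12(string pfxPath, string password)
    {
        byte[] raw = File.ReadAllBytes(pfxPath);

        // PersistKeySet is deliberately not set, so the imported private key is
        // not kept in a key container after this object is disposed, and
        // nothing is added to the Windows certificate store.
        using (var cert = new X509Certificate2(raw, password, X509KeyStorageFlags.DefaultKeySet))
        {
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("PKCS#12 data contains no private key.");

            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period.");

            // If an EKU extension is present it must permit client authentication.
            foreach (X509Extension ext in cert.Extensions)
            {
                var eku = ext as X509EnhancedKeyUsageExtension;
                if (eku == null) continue;
                bool allowed = false;
                foreach (Oid oid in eku.EnhancedKeyUsages)
                    if (oid.Value == ClientAuthOid || oid.Value == AnyEkuOid) allowed = true;
                if (!allowed)
                    throw new InvalidOperationException("EKU does not permit client authentication.");
            }
        }
        return raw; // original file bytes, still protected by the password
    }
}

// Inside the NeedClientCertificate handler (overload named in the post above):
//   byte[] data = ClientCertLoader.LoadPkcs12(pfxPath, password);
//   e.Continue(data, password);
```

Passing the original file bytes avoids the export step, so the Exportable flag is not needed either.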