stafford williamsssl
certificate validation overriding
ServicePointManager.ServerCertificateValidationCallback +=
new RemoteCertificateValidationCallback(ValidateCertificate);
public static bool ValidateCertificate(object sender, X509Certificate cert,
X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
persistkeyset
Installed certificates expiring? Use X509KeyStorageFlags.PersistKeySet - What is the impact of PersistKeySet
ssl certificate binding
bind a certificate
netsh http add sslcert ipport=<ipAddress>:<port> ^
certhash={<certificateThumbprint>} appid={<someGuid>}
check current bindings
# all
netsh http show sslcert
# single ip/port
netsh http show sslcert ipport=<ipAddress>:<port>
remove binding
netsh http delete sslcert ipport=<ipAddress>:<port>
errors
When attempting to bind, the following error might occur;
A specified logon session does not exist. It may already have been terminated.
This means a private key needs to be attached to the certificate prior to binding.
http.sys
- Demystify http.sys with HttpSysManager by Nicolas Dorier
windows certificate store
Add certificate authority
Via administrator session
certutil -addstore "CA" .\SomeCertAuthority.pem
Add -f to force replace if the cert already exists
serve https locally
Create a certificate
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout ~/git/key.pem -out ~/git/cert.pem
Current directory:
npx http-server -S --cors -C ~/git/cert.pem -K ~/git/key.pem -o --port 3001
A specific directory:
npx http-server my-directory -S --cors -C ~/git/cert.pem -K ~/git/key.pem -o --port 3001
install certificate authority on iOS
open ssl helpers
Display the subjectAltName of a certificate:
openssl x509 -noout -ext subjectAltName -in ./keys/cert.pem
Convert to pfx:
openssl pkcs12 -export -out ./keys/myCA.pfx -inkey ./keys/myCA.key -in ./keys/myCA.pem
install certificate authority on android
- Download the certificate authority certificate: myCA.pem
- Settings > Security > Encryption and credentials > Install a certificate > CA certificate