ssl

certificate validation overriding

ServicePointManager.ServerCertificateValidationCallback += 
  new RemoteCertificateValidationCallback(ValidateCertificate);

public static bool ValidateCertificate(object sender, X509Certificate cert, 
  X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
      return true;
}

persistkeyset

Installed certificates expiring? Use X509KeyStorageFlags.PersistKeySet - What is the impact of PersistKeySet

ssl certificate binding

bind a certificate

netsh http add sslcert ipport=<ipAddress>:<port> ^
    certhash={<certificateThumbprint>} appid={<someGuid>}

check current bindings

# all
netsh http show sslcert
# single ip/port
netsh http show sslcert ipport=<ipAddress>:<port>

remove binding

netsh http delete sslcert ipport=<ipAddress>:<port>

errors

When attempting to bind, the following error might occur;

A specified logon session does not exist. It may already have been terminated.

This means a private key needs to be attached to the certificate prior to binding.

http.sys

Demystify http.sys with HttpSysManager by Nicolas Dorier

windows certificate store

Add certificate authority

Via administrator session

certutil -addstore "CA" .\SomeCertAuthority.pem

Add -f to force replace if the cert already exists

serve https locally

Create a certificate

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout ~/git/key.pem -out ~/git/cert.pem

Current directory:

npx http-server -S --cors -C ~/git/cert.pem -K ~/git/key.pem -o --port 3001

A specific directory:

npx http-server my-directory -S --cors -C ~/git/cert.pem -K ~/git/key.pem -o --port 3001

install certificate authority on iOS

Download the certificate authority certificate: myCA.pem
Tap install
Settings > General > Device Managemnet > Install the cert
Settings > General > About > Certificate Trust Settings > Enable the cert