ssl
certificate validation overriding
ServicePointManager.ServerCertificateValidationCallback +=
new RemoteCertificateValidationCallback(ValidateCertificate);
public static bool ValidateCertificate(object sender, X509Certificate cert,
X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
persistkeyset
Installed certificates expiring? Use X509KeyStorageFlags.PersistKeySet
- What is the impact of PersistKeySet
ssl certificate binding
bind a certificate
netsh http add sslcert ipport=<ipAddress>:<port> ^
certhash={<certificateThumbprint>} appid={<someGuid>}
check current bindings
# all
netsh http show sslcert
# single ip/port
netsh http show sslcert ipport=<ipAddress>:<port>
remove binding
netsh http delete sslcert ipport=<ipAddress>:<port>
errors
When attempting to bind, the following error might occur;
A specified logon session does not exist. It may already have been terminated.
This means a private key needs to be attached to the certificate prior to binding.
http.sys
- Demystify http.sys with HttpSysManager by Nicolas Dorier
windows certificate store
Add certificate authority
Via administrator session
certutil -addstore "CA" .\SomeCertAuthority.pem
Add -f
to force replace if the cert already exists
serve https locally
Create a certificate
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout ~/git/key.pem -out ~/git/cert.pem
Current directory:
npx http-server -S --cors -C ~/git/cert.pem -K ~/git/key.pem -o --port 3001
A specific directory:
npx http-server my-directory -S --cors -C ~/git/cert.pem -K ~/git/key.pem -o --port 3001