NiveditaParihar-3531 asked XingyuZhao-MSFT commented

Websocket fails to connect

I have created a WebSocket server and bound a self-signed certificate to it, but the WebSocket client fails to connect.
The Event Viewer log has this error:

"The TLS server credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure."

Please find below the code for creating the self-signed certificate.

    using System;
    using System.IO;
    using System.Net;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;

    // Placeholder: the post does not show where certPath (the output directory) is defined.
    string certPath = Directory.GetCurrentDirectory();

    var dn = new X500DistinguishedName("CN=" + Dns.GetHostName(), X500DistinguishedNameFlags.None);
    var rsa = RSA.Create(); // generate asymmetric key pair
    var req = new CertificateRequest(dn, rsa, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);

    // Key usage: Digital Signature and Key Encipherment
    // (the posted code set only KeyEncipherment, which did not match this comment)
    req.CertificateExtensions.Add(
        new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment,
            true));

    // Enhanced key usages
    req.CertificateExtensions.Add(
        new X509EnhancedKeyUsageExtension(
            new OidCollection {
                new Oid("1.3.6.1.5.5.7.3.1") // TLS Server auth
            },
            false));

    // Add the subject key identifier
    req.CertificateExtensions.Add(
        new X509SubjectKeyIdentifierExtension(req.PublicKey, false));

    // Self-signed certificate, valid for one year from now
    X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(1));
    cert.FriendlyName = "Test";

    // Create PFX (PKCS #12) with private key, protected by an empty password
    string pfxPath = Path.Combine(certPath, Guid.NewGuid() + ".pfx");
    File.WriteAllBytes(pfxPath, cert.Export(X509ContentType.Pfx, ""));
dotnet-runtime

No matter what WebSockets client you use, you can configure it to skip server certificate validation. Self-signed certificates are not trusted by default, and that's why.


Agreed, but the WebSocket client is responding with a timeout exception. As per Wireshark, it looks like the call went from client to server, and the Client Hello message is responded back with Ack and then Finish, so the TLS handshake itself is not happening between client and server. How can I skip certificate validation? That comes later.


0 Answers
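
The Event Viewer message quoted in the question names one specific condition: the certificate offered by the server has no private key attached. The following check tests a PFX for that condition and for the extensions the question's code sets; it is an added example, not code from the thread, and the `ServerCertCheck` class, the command-line PFX path and the empty password (taken from the `Export` call in the question) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ServerCertCheck // hypothetical helper, not part of the thread
{
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // TLS server authentication

    // Returns the problems found; an empty list means every check passed.
    public static List<string> Check(X509Certificate2 cert)
    {
        var problems = new List<string>();
        if (!cert.HasPrivateKey)
            problems.Add("no private key is associated with the certificate");
        else
            try
            {   // Prove the key is usable, not just referenced, by signing a test value.
                using RSA key = cert.GetRSAPrivateKey();
                if (key == null) problems.Add("private key is not an RSA key");
                else key.SignData(new byte[] { 1 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
            catch (CryptographicException ex)
            {
                problems.Add("private key is present but unusable: " + ex.Message);
            }
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ServerAuthOid))
            problems.Add("enhanced key usage does not include TLS server authentication");
        var ku = cert.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
        var needed = X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment;
        if (ku != null && (ku.KeyUsages & needed) == 0)
            problems.Add("key usage allows neither digital signature nor key encipherment");
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            problems.Add("certificate is outside its validity period");
        return problems;
    }

    static int Main(string[] args)
    {
        // Assumption: args[0] is the path of the exported .pfx, with an empty password.
        using var cert = new X509Certificate2(args[0], "");
        var problems = Check(cert);
        Console.WriteLine($"{cert.Subject} ({cert.Thumbprint})");
        foreach (string p in problems) Console.WriteLine("  FAIL: " + p);
        if (problems.Count == 0) Console.WriteLine("  OK: private key usable, extensions and dates valid");
        return problems.Count == 0 ? 0 : 1;
    }
}
```

`Check` takes any `X509Certificate2`, so the same method can be run against the certificate instance the server process actually uses, which is the one the event log entry refers to.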