Secure Socket connection with client certificate

Ask a question

Monday, January 02, 2012 1:58 PM

0

I have an application that we would like to port to Windows Runtime (Metro). It uses a SSL socket connection and must authenticate itself with a client certificate (if not the connection handshake will fail). On other platforms we used openssl to achieve this.

Checking the available documentation it seems that I can set up a SSL socket. But how can I setup the corresponding CA certificate (should only be imported for the application) and client certificate?

Thanks for your time. - Martin
- Reply
- Quote

All Replies

Thursday, January 05, 2012 9:17 PM

Moderator

0
Hi Martin - you can use a Manifest Extension which will package and deploy the certificates for your application.

http://msdn.microsoft.com/en-us/library/windows/apps/hh465052.aspx

http://msdn.microsoft.com/en-us/library/windows/apps/hh464981.aspx

The documentation for Metro-style Crypto/PKI is here:

http://msdn.microsoft.com/en-us/library/windows/apps/hh464964.aspx

I hope this answers your question.
Matt Small - Microsoft Escalation Engineer - Forum Moderator
- Proposed As Answer by Matt SmallMicrosoft Employee, Moderator Thursday, January 05, 2012 9:18 PM
- Reply
- Quote
Wednesday, January 18, 2012 8:50 PM

Moderator

0
Hi Martin - a fellow Microsoft employee saw this post and pointed out to me that different network technologies have different levels of support for client certificates. The HTTP APIs generlly support them, but the StreamSocket does not. I wanted to make it clear for others that might see this post.
Matt Small - Microsoft Escalation Engineer - Forum Moderator
- Marked As Answer by Matt SmallMicrosoft Employee, Moderator Monday, January 23, 2012 3:27 PM
- Reply
- Quote
Monday, March 05, 2012 8:27 PM

0

Matt, when you refer to "HTTP APIs", which APIs are you talking about? Could you provide a link? Thanks!
- Reply
- Quote
Tuesday, March 06, 2012 1:19 AM

0

Microsoft Windows HTTP Services (WinHTTP) http://msdn.microsoft.com/en-us/library/windows/desktop/aa382925(v=vs.85).aspx
- Reply
- Quote
Tuesday, March 06, 2012 2:44 PM

0

The original question was about Metro and WinHTTP is not allowed in Metro. I am hoping that Matt had a different recommendation because otherwise there still is no story here in the Metro world.
- Reply
- Quote
Monday, July 30, 2012 11:23 AM

0
For anyone reading this thread later, it turns out that IXMLHTTPRequest2 does certificate authentication automatically if prompted by the server and if your app has the "Shared User-Certificates" permission applied.
- Proposed As Answer by Adam Gross Tuesday, July 31, 2012 4:04 PM
- Reply
- Quote