locked
Generate X.509 (non self signed) Client Certificate Programmatically RRS feed

  • Question

  • Hi,

    Is it possible to generate a client certificate on-the-fly in ASP.NET without using makecert.exe? the generated certificate should be signed with a given CA certificate (the specific CA certificate is saved on file system and selected at runtime). The generated certificate should be attached to a web request to another server in order to pull data.

    The flow:

    User asking for an ASP.NET page on IIS -> certificate is generated on IIS using ASP.NET -> calling another server with the certificate attached -> data is returned and is shown on the requested page for the user.

    I couldn't find a way for doing natively through the .NET Framework and explored different options such as:

     

     

    Thanks in advance for your replies.


    Wednesday, January 5, 2011 7:50 AM

All replies

  • I don't know ASP.NET sufficiently well to address the specific technical question you ask, but I would ask you to consider the impact of what you want to do on the security model of the 'other' server.

    Assuming that the 'other' server recognises your CA as trusted (otherwise your client cert is worthless), is your proposed mechanism in accordance with the Certification Policy it is relying on for that trust?  On-the-fly certification in the manner you propose is not something I would be happy with if it was my decision, but the specifics of your situation may justify such an approach.


    Answering policy: see profile.
    Thursday, January 6, 2011 12:14 PM