Validate Client Certificate on Server Site

Hi,

My clients (Xamarin.Forms App for iOS, Android and UWP) are connected via HTTPS over a reverse-proxy server to a custom DA Server running as a Daemon on a Raspberry Pi.
The Raspi (with OpenSSL Certificate) is connected via OpenVPN and HTTPS to my reverse-proxy (with a Let's Encrypt Certificate).

All works fine, but for more security, I want to check/validate the certificate from my reverse-proxy on my DA server.

How could I do this?

Thanks and Regards
Helmut

Hello

Assuming your server is .NET based, you could do this using the ValidateRemoteCertificate event of the SslOptions object in your server channel properties.

There you’ll have access to the certificate info.

Hope that helps.

Hello

Thanks. Do you have more hints, code snippets or a sample for me?
This is my Main in Program.cs

	[STAThread]
	public static int Main(String[] args)
	{
		ApplicationServer server = new CustomApplicationServer("DArelay");

		server.NetworkServer.UseTLS = true;                             // Enable traffic encryption
		server.NetworkServer.CertificateFileName = "server-cert.pfx";   // Optionally, load certificate from file

		server.NetworkServer.ServerChannel = new RemObjects.SDK.Server.IpHttpServerChannel();
		server.NetworkServer.Port = 8099;
		server.Run(args);
		return 0;
	}

Regards
Helmut

For example, like that:

static class Program
{
	public static int Main(string[] args)
	{
		ApplicationServer server = new ApplicationServer("ROServer5");

		server.NetworkServer.UseTLS = true;

		//.... Load the certificate here ....

		var channel = new IpHttpServerChannel();
		channel.SslOptions.ValidateRemoteCertificate += SslOptionsOnValidateRemoteCertificate;

		server.NetworkServer.ServerChannel = channel;
		server.NetworkServer.Port = 8099;

		server.Run(args);
		return 0;
	}

	private static void SslOptionsOnValidateRemoteCertificate(object sender, SslValidateCertificateEventArgs e)
	{
		if (e.Certificate == null)
		{
			// No certificate presented: reject and stop, nothing further to validate
			e.Cancel = true;
			return;
		}

		// Validate the certificate, e.g. by checking its issuer and hash
	}
}
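
One way to fill in the "validate the certificate" comment in the handler above, as an added example that is not part of the original thread and not RemObjects' own code: it checks the validity period, the issuer name and a pinned SHA-256 fingerprint. The class name, constants and placeholder values are hypothetical, and it assumes `e.Certificate` is a `System.Security.Cryptography.X509Certificates.X509Certificate`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ProxyCertificateCheck
{
    // Placeholder values (constructed for this example): replace them with the
    // issuer name and SHA-256 fingerprint of the certificate your proxy presents.
    const string ExpectedIssuerName = "EXAMPLE ISSUER NAME";
    const string ExpectedSha256 = "<SHA-256 fingerprint as hex, no separators>";

    // Returns true only if the certificate is present, inside its validity
    // window, names the expected issuer and matches the pinned fingerprint.
    public static bool IsExpectedCertificate(X509Certificate certificate)
    {
        if (certificate == null)
            return false;

        var cert = new X509Certificate2(certificate);

        // NotBefore and NotAfter are reported in local time.
        DateTime now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter)
            return false;

        // Second argument 'true' selects the issuer's name instead of the subject's.
        // The issuer name is only a sanity check, since anyone can create a CA
        // with the same name; the fingerprint below is the actual pin.
        string issuer = cert.GetNameInfo(X509NameType.SimpleName, true);
        if (!string.Equals(issuer, ExpectedIssuerName, StringComparison.Ordinal))
            return false;

        // Fingerprint = SHA-256 over the DER-encoded certificate bytes.
        using (var sha256 = SHA256.Create())
        {
            byte[] hash = sha256.ComputeHash(cert.RawData);
            string actual = BitConverter.ToString(hash).Replace("-", "");
            return string.Equals(actual, ExpectedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

From the handler, `e.Cancel = !ProxyCertificateCheck.IsExpectedCertificate(e.Certificate);` rejects everything else. The fingerprint changes whenever the certificate is reissued, so the pinned value has to be updated with each renewal on the proxy.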

Thanks, I tried it.

But if I set a breakpoint in

private static void SslOptionsOnValidateRemoteCertificate(object sender, SslValidateCertificateEventArgs e)

this breakpoint will never be reached, even after Client-Login and Data access.

Something missing?

Regards

Hello

Please create a testcase: just create a new server app using the template, add there your certificate-related code and send this project to support@

Thanks in advance

Hello Anton,

I found out that I’m reaching the breakpoint if I connect from a Windows.Forms Client, but not from a PCL Client.

So try it with a PCL Client (using the template).

Regards

Thanks, logged as bugs://77958

Ah, I see what you mean. In the next Beta I’ll tune up some internal settings to make that easier to handle.

bugs://77958 got closed with status fixed.