My Clients (Xamarin.Forms App for iOS, Android and UWP) are connected via HTTPS over a reverse-proxy server to a custom DA Server running as a Daemon on a Raspberry Pi.
The Raspi (with OpenSSL Certificate) is connected via OpenVPN and HTTPS to my reverse-proxy (with a Let's Encrypt Certificate).
All works fine, but for more security, I want to check/validate the certificate from my reverse-proxy on my DA server.
Assuming your server is .NET based, you could do this using the ValidateRemoteCertificate event of the SslOptions object in your server channel properties.
static class Program
{
    public static int Main(string[] args)
    {
        ApplicationServer server = new ApplicationServer("ROServer5");
        server.NetworkServer.UseTLS = true;
        // .... Load the certificate here ....

        // Create the channel explicitly so the validation handler can be attached
        var channel = new IpHttpServerChannel();
        channel.SslOptions.ValidateRemoteCertificate += SslOptionsOnValidateRemoteCertificate;
        server.NetworkServer.ServerChannel = channel;
        server.NetworkServer.Port = 8099;

        server.Run(args);
        return 0;
    }

    private static void SslOptionsOnValidateRemoteCertificate(object sender, SslValidateCertificateEventArgs e)
    {
        // Reject the connection when the remote side presents no certificate
        if (e.Certificate == null)
        {
            e.Cancel = true;
            return;
        }

        // Validate the certificate, e.g. by checking its issuer and hash,
        // and set e.Cancel = true when a check fails
    }
}
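One way to fill in the "issuer and hash" check that the handler above leaves as a comment, shown as an added example that is not part of the original answer or of the SDK. The class and method names and the `proxy.example.test` subject are hypothetical, and it assumes the certificate handed to the handler can be obtained as an `X509Certificate2`; the handler would set `e.Cancel = true` whenever `Reject` returns a reason.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertificateCheck
{
    // SHA-256 over the DER-encoded certificate, as upper-case hex.
    public static string Sha256Hex(X509Certificate2 cert)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");
    }

    // Returns null when the certificate is acceptable, otherwise the reason for rejecting it.
    public static string Reject(X509Certificate2 cert, string expectedIssuer, string pinnedSha256, DateTime now)
    {
        if (cert == null) return "no certificate presented";
        if (now < cert.NotBefore || now > cert.NotAfter) return "outside validity period";
        if (!string.Equals(cert.Issuer, expectedIssuer, StringComparison.OrdinalIgnoreCase))
            return "unexpected issuer: " + cert.Issuer;
        if (!string.Equals(Sha256Hex(cert), pinnedSha256, StringComparison.OrdinalIgnoreCase))
            return "hash does not match the pinned value";
        return null;
    }

    public static void Main()
    {
        // Constructed sample input: two throwaway self-signed certificates.
        var trusted = SelfSigned("CN=proxy.example.test");
        var other = SelfSigned("CN=proxy.example.test");
        string pin = Sha256Hex(trusted);

        Console.WriteLine(Reject(trusted, trusted.Issuer, pin, DateTime.Now) ?? "accepted");
        Console.WriteLine(Reject(other, trusted.Issuer, pin, DateTime.Now) ?? "accepted");
        Console.WriteLine(Reject(trusted, trusted.Issuer, pin, DateTime.Now.AddYears(2)) ?? "accepted");
    }

    // Builds a self-signed certificate that only serves as test data here.
    static X509Certificate2 SelfSigned(string subject)
    {
        using (var key = RSA.Create(2048))
        {
            var req = new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(90));
        }
    }
}
```

A hash computed over the whole certificate changes every time the certificate is reissued, so the pinned value has to be updated on each renewal. Checking only the issuer accepts any certificate from that issuer, which is why the example requires both checks to pass.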