Websocket Certificate

0 votes
asked Feb 28, 2020 by kellydanielc (120 points)

I am using WebSocket 2020 R1 and attempting to connect to a WebSocket server for which they have given us a certificate to use (*.cer).

I have imported the certificate into Windows and also tried to load it using the Certificate.LoadDER but I cant see the way to tell the WebSocket Connection to actually use the certificate.

Ive searched the forums and documentation but cant see how to do it.

Any help would be appreciated.


1 Answer

0 votes
answered Feb 28, 2020 by Lukas Matyska (59,010 points)
edited Mar 3, 2020 by Lukas Matyska

I am not sure whether you are talking about using your certificate for client-certificate-authentication or server-identity-verification.

Since you mentioned it is a *.cer file, I assume, you need to verify server identity using this certificate.
I am also not sure, whether the *.cer file is a Root Certification Authority certificate or Leaf certificate issued just for your server.

I will describe all 3 possibilities:

  1. Verify server identity if you have Root CA certificate:
    Just import the Root CA certificate into your Windows Certificate Store under Trusted Root Certification Authorities.
    The validation is performed against Windows Certificate Store automatically.

  2. Verify server identity if you have server (leaf) certificate only, or if you don't want to import Root CA certificate globally:
    Use socket.ValidatingCertificate event handler to perform custom certificate validation.
    For sample code see https://www.rebex.net/websocket/features/tls-ssl.aspx#custom-certificate-validation

  3. Perform client certificate authentication:
    For this, you need a certificate with associated private key (typically a *.pfx file or a Personal certificate in Windows Certificate Store).
    Again, client certificate selection is performed using the Windows Certificate Store automatically.
    Use socket.Settings.SslCertificateRequestHandler to perform custom certificate selection.
    For sample code see https://www.rebex.net/websocket/features/tls-ssl.aspx#client-certificate

commented Mar 2, 2020 by kellydanielc (120 points)
Thanks for the information.

Ive been informed that the certificate is to be used for client certificate authentication.

So looking at option 3 I dont have any Parameters available on the WebSocket class.

var eventSocket = new WebSocketClient();
eventSocket.Parameter //Not available..  

Im sure Im missing something very simple.


commented Mar 3, 2020 by Lukas Pokorny (123,150 points)
Sorry, the property name in (3) was wrong (it applied to Rebex TLS socket, but not to Rebex WebSocket). Instead of "socket.Parameters.CertificateRequestHandler", please use "eventSocket.Settings.SslCertificateRequestHandler":

var eventSocket = new WebSocketClient();
eventSocket.Settings.SslCertificateRequestHandler = ...

For sample code, see https://www.rebex.net/websocket/features/tls-ssl.aspx#client-certificate instead.