1,269 questions
Websocket fails to connect
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 41%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Nivedita Parihar
21
Reputation points
I have created websocket server and binded the self signed certificate with it , when websocket client fails to connect .
Eventviewer logs has this error.
"The TLS server credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure."
Please find below code for creating self sign certificate.
var dn = new X500DistinguishedName("CN=" + Dns.GetHostName(),X500DistinguishedNameFlags.None);
var rsa = RSA.Create(); // generate asymmetric key pair
var req = new CertificateRequest(dn, rsa, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);
// key usage: Digital Signature and Key Encipherment
req.CertificateExtensions.Add(
new X509KeyUsageExtension(
System.Security.Cryptography.X509Certificates.X509KeyUsageFlags.KeyEncipherment,
true));
// Enhanced key usages
req.CertificateExtensions.Add(
new X509EnhancedKeyUsageExtension(
new OidCollection {
new Oid("1.3.6.1.5.5.7.3.1") // TLS Server auth
},
false));
// add this subject key identifier
req.CertificateExtensions.Add(
new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(1));
cert.FriendlyName = "Test";
// Create PFX (PKCS #12) with private key
string CertPath = Path.Combine(certPath, Guid.NewGuid() + ".pfx");
File.WriteAllBytes(CertPath, cert.Export(X509ContentType.Pfx, ""));
Developer technologies .NET .NET Runtime
{count} votes
-
Lex Li (Microsoft) 6,037 Reputation points Microsoft Employee2021-08-30T18:05:54.877+00:00 No matter what WebSockets client you use, you can configure it to skip server certificate validation. Self signed certificates are not trusted by default, and that's why.
-
Nivedita Parihar 21 Reputation points
2021-09-02T12:32:02.163+00:00 Agree, but websocket client is responding with timeout exception, looks like , as per wireshark call went from client to server and as Client Hello message is responded back and Ack then Finish, SO TLS handshake itself is not happening between client and server , how can i skip certificate validation, that comes later
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 28.999999999999996%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXZ%3C/text%3E%3C/svg%3E)
Xingyu Zhao-MSFT 5,381 Reputation points2021-09-03T01:57:46.08+00:00 Hi @Nivedita Parihar ,
Check the links below and see if they are helpful to the question- How to create a selfsigned certificate with CertificateRequest that uses Microsoft Enhanced RSA and AES Cryptographic Provider
- Generate and Sign Certificate Request using pure .net Framework
You can convert the C# code to VB. NET.
Sign in to comment
Sign in to answer