
Httplistener with HTTPS support

There seems to be a lot of confusing, sometimes conflicting, information with regard to making a .NET HTTPListener HTTPS capable. My understanding is as follows:

  • One's C# code needs an https prefix (for example, https://*:8443) in order for the listener to understand that it needs to service SSL requests at this port.

  • The actual SSL handshake happens under the covers and is handled by http.sys (buried somewhere on the Windows machine). The C# code doesn't have to explicitly manage the SSL handshake, because it happens under the covers.

  • One needs to have an "X.509 trusted certificate" on the httpListener machine, and somehow that certificate needs to be bound to port 8443 (in this example).

Is my understanding above correct? If not, please educate me.

Regarding X.509 certificates, my understanding is:

  • Use makecert to create an X.509 certificate. This certificate gets stored in the personal store and needs to get moved over to the Trusted Store (this is where the HTTP listener will look). It seems I can use certMgr to perform the move, or I can use mmc to effect the move. It seems there is more than one X.509 certificate format (DER, Base64, pks, pswd protected, pks private, etc.)... Is there a preferred format I should use?

Once I get the certificate into the trusted store, I need to bind it to the TCP port. I am on Windows 7: should I be using httpcfg or netsh?

asked Jul 09 '12 21:07

Walter Kelt




1 Answer

I did a bunch of homework and got this working. The steps to add SSL support for a .NET HttpListener are:

  1. Update C# application code to include the https prefix. Example:

    String[] prefixes = { "http://*:8089/", "https://*:8443/" };

    That's it from the code aspect.

  2. For the certificate side of things, using the Windows SDK command console or Visual Studio Professional command console:

    • Use makecert.exe to create a certificate authority. Example:

      makecert -n "CN=vMargeCA" -r -sv vMargeCA.pvk vMargeCA.cer

    • Use makecert.exe to create an SSL certificate:

      makecert -sk vMargeSignedByCA -iv vMargeCA.pvk -n "CN=vMargeSignedByCA" -ic vMargeCA.cer vMargeSignedByCA.cer -sr localmachine -ss My

    • Use MMC GUI to install CA in Trusted Authority store

    • Use MMC GUI to install an SSL certificate in Personal store

    • Bind certificate to IP address:port and application. Example:

      netsh http add sslcert ipport=0.0.0.0:8443 certhash=585947f104b5bce53239f02d1c6fed06832f47dc appid={df8c8073-5a4b-4810-b469-5975a9c95230}

      The certhash is the thumbprint from your SSL certificate. You can find this using mmc. The appid is found in Visual Studio...usually in assembly.cs, look for the GUID value.

There may be other ways to accomplish the above, but this worked for me.

answered Sep 20 '22 20:09

Walter Kelt
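
The steps in the answer above, tied together as an added example (not code from the original post): it looks up the SSL certificate in the LocalMachine Personal store, checks that it carries a private key, prints the matching `netsh` binding command, and then serves both prefixes. The class name and `FindThumbprint` helper are hypothetical, the subject name is taken from the answer's makecert example, and `<your-app-guid>` is a placeholder for your own application GUID.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class HttpsListenerDemo   // hypothetical name, for illustration only
{
    // Returns the thumbprint of a certificate in LocalMachine\My whose subject
    // matches, or null if none is found or none has a private key. http.sys
    // performs the server-side handshake, so the key must be in the machine store.
    static string FindThumbprint(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly=false: a makecert test chain may not validate.
            foreach (X509Certificate2 cert in store.Certificates.Find(
                         X509FindType.FindBySubjectName, subjectName, false))
                if (cert.HasPrivateKey) return cert.Thumbprint;
            return null;
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        string thumb = FindThumbprint("vMargeSignedByCA"); // CN from the answer
        if (thumb == null)
        {
            Console.Error.WriteLine("No usable certificate in LocalMachine\\My");
            return;
        }
        // Run this once from an elevated prompt before starting the listener.
        Console.WriteLine("netsh http add sslcert ipport=0.0.0.0:8443 certhash="
                          + thumb + " appid={<your-app-guid>}");
        var listener = new HttpListener();
        listener.Prefixes.Add("http://*:8089/");
        listener.Prefixes.Add("https://*:8443/");
        listener.Start(); // '*' prefixes need elevation or a URL reservation
        while (true)
        {
            HttpListenerContext ctx = listener.GetContext();
            // TLS was already terminated by http.sys; the code only sees the flag.
            byte[] body = Encoding.UTF8.GetBytes(
                "secure=" + ctx.Request.IsSecureConnection + "\n");
            ctx.Response.ContentLength64 = body.Length;
            ctx.Response.OutputStream.Write(body, 0, body.Length);
            ctx.Response.Close();
        }
    }
}
```

A request to port 8443 should report `secure=True` and one to port 8089 `secure=False`, which confirms the binding took effect without any TLS code in the application.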