Running Http WebServer with SSL on Fez Raptor

Hello everybody,
I’m trying to run a http web server with ssl on my fez raptor. I’m using latest version of netmf (Microsoft .NET Micro Framework 4.3 (QFE2) & GHI Electronics NETMF SDK 2015 R1) I used openSSL certification according to :

this is the code i’m using:

 localEndPoint = new IPEndPoint(IPAddress.Any, 2000);

            using (SslStream sslStream = new SslStream(server))
                    X509Certificate serverCert = new X509Certificate(Resources.GetBytes( , "myPassword");

                        new SslProtocols[] { SslProtocols.Default });

                    sslStream.ReadTimeout = -1;
                    byte[] inBuffer = new byte[1000];
                    int count = sslStream.Read(inBuffer, 0, inBuffer.Length);
                    string message = new string(Encoding.UTF8.GetChars(inBuffer));
                    while (true)
                        Socket clientSocket = server.Accept();
                        new ProcessClientRequest(clientSocket);

                catch (Exception e)


But when it reach the sslStream.AuthenticateAsServer, It goes to catch with following message:

Can anybody help? Is it related to te netmf sdk version?

@ Ehsan Ansari - Have you updated the SSL seed through MFDeploy?

@ John - It is strange…!
We have 2 tools. MFDeploy and Fez Config
when I try to update ssl seed through FEZ Config => Deployment (Advance). nothing happened. No error and no feed back!
Is it normal?
But the same work using MFDeploy seems to be ok. MFDeploy => target => manage device keys => update ssl seed. it shows:

Updating SSL seed…
Update Complete!

But the problem still exists.nothing solved! :frowning:

@ Ehsan Ansari - Does the same code work in the emulator?

@ Ehsan Ansari -

I’m using latest version of netmf (Microsoft .NET Micro Framework 4.3 (QFE2) & GHI Electronics NETMF SDK 2015 R1) [/quote]

Latest is 2016 R1, should update to that one to get SSl working on your device.
After updated to latest firmware, remember to update SSL seed before starting.

@ Ehsan Ansari -

Not quite Dat. The latest supported version is SDK 2015 R1, the latest PRE-RELEASE (beta) is 2016 R1. Since there are SSL updates in the beta, what we should be suggesting is that @ Ehsan Ansari should TEST the beta 2016 R1 and see if that addresses the issue they’re seeing, so that once the full release of 2016 R1 occurs they will know the fix needed is present. (Gus continues to say that the beta is a test SDK and not to use it in production; we don’t know what the poster is doing and whether using the beta will be a problem for them or not)

@ Brett -

Sorry, what I meant is 2016 - pre-release R1. :))
Anyway, earlier than that version, I don’t think SSL work correctly on G400 and G120.

OK guys…
I updated it to 2016 - pre-release R1. But nothing changed. The same error occurs… :wall:
(I updated the ssl seed using MFDeploy after updating to 2016 - pre-release R1)

@ John - I’m not familiar with netmf emulator
Is there any sample code for using emulator instead of ethernetENC28 physical module?

@ Ehsan Ansari - Under project properties you will change the device transport from USB to Emulator. You will need to take out all GHI specific functions like the ENC28. It will use the network interface on your computer instead. The rest of your code will remain the same.

@ John - I can’t execute your scenario
As a test, I created a new gadgeteer project and put just one Fez Raptor mainboard in program.gadgeteer diagram. After that I changed deployment transport from usb to emulator. But, this is the error I recieve:

So what is wrong?
the body of program.cs contains only :

   void ProgramStarted()
            Debug.Print("Program Started");

@ Ehsan Ansari - You cannot use Gadgeteer in the emulator, you will need to create a Micro Framework Console Application.

For Emulator:
If I remember correctly, there should be an example of this when we installed NetMF.
it is usually under C:\Users\xxx\Documents\Microsoft .NET Micro Framework 4.3\Samples\HttpClient. Don’t change their configuration then it will run on Emulator.

For real device:
Try you code with google first, make sure it work then switch to the host you wanted. Of course, change the certificate if needed.

@ John - Ok, I did it… error ocures on :

SslStream sslStream = new SslStream(serverSocket)

Error detail:

Any idea?!

@ Ehsan Ansari - Unfortunately the emulator is a NETMF component that we do not control. The HTTP Server example shows how to use it, it should work in the emulator:

@ John - Ok…Finally I tested my code on pure netmf project running on emulator.
(my problem was solved by writing : SslStream sslStream = new SslStream(serverSocket.Accept()) !!!)
Anyway, The main problem still exists. on the line :

 sslStream.AuthenticateAsServer(serverCert, SslVerification.NoVerification, SslProtocols.Default);

It shows that error…
Is it possible that the used PEM certificate is source of error?
I made it by OpenSSL under following command:

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

Is it correct file?

@ andre.m - There was a problem about running same code in emulator which is solved right now.
But still I cannot use self sign pem certificate to run my own http web server. Following line makes error:

sslStream.AuthenticateAsServer(serverCert, SslVerification.NoVerification, SslProtocols.Default);

@ andre.m - I wrote it before. It is like this:

You’re doing something that is not supported.

So lets get deeper into the emulator scenario. You’re saying that using exactly the same certificate, the emulator does NOT have this error?

@ Brett - Both emulator and FEZ Raptor show same error. I guess its related to my pem cert made by openSSL command