Yes, TLS works, also as server

Austrian_Dude · March 14, 2021, 9:04pm

no certificate error (scm20260d is the result of implemented NetBIOS name resolution)

not only HTTPS, also FTP over TLS

(TinyCLR OS v2.1.0-preview4)

mcalsyn · March 15, 2021, 1:00am

@Austrian_Dude - was that a self-signed cert? Would you be willing to share how you created it? “How to create usable server certs” would be a great addition to the docs.

Gus_Issa · March 15, 2021, 1:13am

This is impressive and I want it… Can I send you some beer?

Austrian_Dude · March 15, 2021, 10:01am

yes, self signed
i am doing it with Linux, meanwhile easy with WSL (Windows Subsystem for Linux) on Windows 10

that’s what i thought too, the docs should be extended
happy to share my way -> github ghi docs

Austrian_Dude · March 15, 2021, 10:02am

yes you can
PayPal.Me

Austrian_Dude · March 15, 2021, 12:25pm

github.com/ghi-electronics/Documentation

TLS Tutorial should be extended with Server part

opened 11:09AM - 15 Mar 21 UTC

closed 04:55PM - 16 Mar 21 UTC

AndreMarschalek

the docs should be splitted into Client and Server part where the Server part s…hould contain: 1. a way to create self signed certificates 2. how to import the root certificate for trust (with screenshots or not..) 3. how to show or remove certificates from PC (with screenshots or not..) 4. sample code how to use X509Certificate ``` byte[] servercert = Resources.GetBytes(Resources.BinaryResources.servercert); X509Certificate certificate = new X509Certificate(servercert) { PrivateKey = Resources.GetBytes(Resources.BinaryResources.serverkey), }; ``` 5. sample code how to create SslStream ``` Socket socket; NetworkStream stream; try { SslStream sslStream = new SslStream(socket); sslStream.AuthenticateAsServer(certificate, System.Security.Authentication.SslProtocols.Tls12); stream = sslStream; } catch (InvalidOperationException) { } stream.Write/stream.Read ``` 6. Needed NuGets 7. link(s) to further documentation https://www.openssl.org/docs/man1.1.1/man1/req.html

Roman2 · March 15, 2021, 6:08pm

Oida do gibts no an Österreicha. Servas! (For all non austrian: Dont try to translate this with google translate)

Nice work. I hate to work with certificates. There are always new reasons why something doesn’t work

Austrian_Dude · March 15, 2021, 6:51pm

Die Welt ist immer wieder kleiner als man glaubt Servas!
Nach Jahren Abstinenz wieder retour …

Dat_Tran · March 15, 2021, 10:01pm

me, too…

mcalsyn · March 15, 2021, 11:11pm

new obscure and inscrutable reasons
…the antidote is documentation

sytak · March 16, 2021, 10:40am

Your work here is fantastic!

For what it is worth… Here is a simple PowerShell script that uses OpenSSL compiled for windows to create a self- singed cert that works great for TinyCLR.

valon_hoti_gmail_com · March 17, 2021, 1:01pm

steps how to create certificates …

download openssl from
https://slproweb.com/products/Win32OpenSSL.html

https://slproweb.com/download/Win64OpenSSL-1_1_1j.msi (64.3 MB) or
https://slproweb.com/download/Win32OpenSSL-1_1_1j.msi (55.2 MB)

install on your pc

suppose my domain names (for my pc/seerver) for this certificates are

scm20260d
192.168.2.5 (if you are using static ip for that server)

so for this reason we need to create file domains.ext with content as below:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = scm20260d
DNS.2 = 192.168.2.5

open cmd as admin and go to the openssl bin folder

start to generate CA - Certificate Authority certificate

openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout CA.key -out CA.pem -subj "/C=US/CN=scm20260d"

step 2 convert pem to crt

openssl x509 -outform pem -in CA.pem -out CA.crt

step3 create client private key and do request

openssl req -new -nodes -newkey rsa:2048 -keyout client.key -out client.csr -subj "/C=US/CN=scm20260d"

step 4 create client certificate

openssl x509 -req -sha256 -days 1024 -in client.csr -CA CA.pem -CAkey CA.key -CAcreateserial -extfile domains.ext -out client.crt

Generated results are :
CA.key
CA.pem
CA.crt

client.key
client.csr
client.crt