- The client and server must support compatible encryption algorithms.
- The root certificate must be known and supported by the peer application.
- The location of the root certificate or chain must be known by the client and service.
- If sending the certificate chain, the type of container, e.g. PKCS7, for the certificate chain must be understood by both sides.
I would recommend that you take a step back and get your code running using the sample code that comes with Microsoft's WSE, which is downloadable from the Microsoft site. Take a look at the document, "Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication," which can be downloaded from Microsoft's MSDN Web site. This will give you step-by-step instructions for setting up an SSL connection. I would also advise using Visual Studio .NET 2003, if you are not already using it.
Once you get the sample running and then modified to use your code, move on to introducing OpenSSL. I'm not sure whether you are using OpenSSL to just create your certificates and using .NET to handle the SSL or whether you have incorporated OpenSSL as the secure sockets layer in your service. If the former, your job will be easier as most of the compatible issues have been worked out. If the latter then you have to solve the incompatibles, a much harder job.
Make sure that you are checking for errors in the client for certificate that is sent from the service, for example:
- If Not x.trustedRoot
- If Not x.validate
- If Not x.validName
This was first published in October 2003