I have a situation where I need to generate SSL certificates for clients using SslStream as a server.
I know how to do that (makecert.exe), but I run into a problem when trying to ensure that both sides of the connection are authenticated.
Basically, if I use self signed cert, I need to add it to the trusted roots to get mutual authentication to work. I would rather avoid that if I can. I know that I can purchase a SSL certifi开发者_StackOverflowcate, but my situation is that I need to create a different certificate for each client, so buying a certificate for each client is out of the question.
Is there a way to avoid that? Maybe some certificate that I can buy that I can use to generate more certificates? As you can probably tell, I am pretty clueless about SSL in general.
The short answer is no, you can't do that. That is yet another reason why client certificates are not popular. You can provide a relatively painless install script for your users to run on their machines to install your homegrown CA certificate, but it still requires user intervention on every client that will connect to your server. Not pretty at all. Are you sure you cannot use usernames and passwords?
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论