Certificate Handshake

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Certificate Handshake

Rudolph M. Steinhoff

I need to implement a SOAP API that will utilize Two-Way Certificate Authentication and encryption/decryption.

 

I do not know what parts of the handshaking and processing of authentication and encryption/decryption is managed by the Windows Server Operating System (and/or IIS) Environment, or which parts are managed by my Self-Hosted Windows API SOAP Service?

 

My question is, given the below steps, which parts will the server manage and which parts will my C# .NET code manage.

 

My code is a Self-Hosted Windows Service using .NET and C#.

 

My questions are which parts of the process is managed by the Windows Server environment “for” the host/client application, and which parts are managed by the host/client application (C# .NET).

 

Ps… sorry if the image does not appear, the steps listed are from the image.

 

Here are the steps:

 

  1. Client requests a secure connection to the host
  2. Host (Windows? IIS? .NET Code?) provides public key and digital certificate to client
  3. Client verifies certificate with the Certificate Authority (CA)
  4. Client provides host with a public key
  5. Host verifies client certificate with the Certificate Authority (CA)
  6. Host sends client public key
  7. Client encrypts message using host public key and sends message to host

Host decrypts client message using host’s private key

  1. Host encrypts message using clients public key. Sends message to client
    Client decrypts host message using client private key

 

enter image description here

 

Rudy Steinhoff

Sr. Software Engineer

 

  Direct: (847-847-3763

  Main: (847) 847.3706

  2100 E. Lake Cook Road, Suite 1100

  Buffalo Grove, IL 60089

  www.GTreasury.com

 

GTreasury Logo Signature

This message contains confidential and proprietary information of the sender, and is intended only for the person(s) to whom it is addressed.  Any use, distribution, copying or disclosure by any other person is strictly prohibited.  If you have received this message in error, please notify the e-mail sender immediately, and delete the original message without making a copy.