Certificate Handshake

Rudolph M. Steinhoff RSteinhoff at gtreasury.com
Wed Mar 20 14:44:36 UTC 2019


I need to implement a SOAP API that will utilize Two-Way Certificate Authentication and encryption/decryption.

I do not know what parts of the handshaking and processing of authentication and encryption/decryption are managed by the Windows Server Operating System (and/or IIS) Environment, or which parts are managed by my Self-Hosted Windows API SOAP Service.

My question is, given the steps below, which parts will the server manage and which parts will my C# .NET code manage?

My code is a Self-Hosted Windows Service using .NET and C#.

My questions are which parts of the process are managed by the Windows Server environment "for" the host/client application, and which parts are managed by the host/client application (C# .NET).

P.S. Sorry if the image does not appear; the steps listed are from the image.

Here are the steps:


  1.  Client requests a secure connection to the host
  2.  Host (Windows? IIS? .NET Code?) provides public key and digital certificate to client
  3.  Client verifies certificate with the Certificate Authority (CA)
  4.  Client provides host with a public key
  5.  Host verifies client certificate with the Certificate Authority (CA)
  6.  Host sends client public key
  7.  Client encrypts message using host public key and sends message to host
      Host decrypts client message using host's private key
  8.  Host encrypts message using client's public key. Sends message to client
      Client decrypts host message using client private key


Rudy Steinhoff
Sr. Software Engineer

  Direct: (847-847-3763
  Main: (847) 847.3706
  2100 E. Lake Cook Road, Suite 1100
  Buffalo Grove, IL 60089
  www.GTreasury.com
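
An added example (not part of the original post, and not OpenSSL or GTreasury code) of how the steps above divide in a self-hosted .NET service built on `SslStream`: the platform TLS stack performs the handshake and the encryption, while application code supplies its own certificate and the accept/reject decision for the peer's certificate. It assumes .NET Framework 4.7.2+ or .NET Core 2.0+ with C# 7.1; the class name, the `MakeCert` and `Wrap` helpers, the `demo-host`/`demo-client` names and the self-signed certificates with thumbprint pinning are constructed for a loopback demo and stand in for CA-issued certificates and chain validation.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class MutualTlsLoopbackDemo
{
    // Constructed self-signed test certificate; a real service loads a CA-issued one.
    static X509Certificate2 MakeCert(string cn)
    {
        using (var rsa = RSA.Create(2048))
        using (var tmp = new CertificateRequest("CN=" + cn, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
                   .CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1)))
            return new X509Certificate2(tmp.Export(X509ContentType.Pfx)); // re-import so SChannel can use the key
    }

    // Application code: accept/reject policy for the peer certificate. Pinning the demo thumbprint
    // stands in for "chain validates to our CA" (err == SslPolicyErrors.None plus issuer checks).
    static SslStream Wrap(TcpClient tcp, X509Certificate2 expectedPeer) => new SslStream(tcp.GetStream(), false,
        (s, cert, chain, err) => cert != null && cert.GetCertHashString() == expectedPeer.Thumbprint);

    static async Task Main()
    {
        X509Certificate2 hostCert = MakeCert("demo-host"), clientCert = MakeCert("demo-client");
        var listener = new TcpListener(IPAddress.Loopback, 0); // port 0: OS picks a free port
        listener.Start();
        Task host = Task.Run(async () =>
        {
            using (var tcp = await listener.AcceptTcpClientAsync())
            using (var tls = Wrap(tcp, clientCert))
            {
                // TLS stack: sends hostCert, demands a client certificate (true), derives session keys.
                await tls.AuthenticateAsServerAsync(hostCert, true, SslProtocols.Tls12, false);
                Console.WriteLine("host accepted client: " + tls.RemoteCertificate?.Subject);
            }
        });
        using (var tcp = new TcpClient("127.0.0.1", ((IPEndPoint)listener.LocalEndpoint).Port))
        using (var tls = Wrap(tcp, hostCert))
        {
            await tls.AuthenticateAsClientAsync("demo-host", new X509CertificateCollection { clientCert }, SslProtocols.Tls12, false);
            Console.WriteLine("client accepted host: " + tls.RemoteCertificate?.Subject);
        }
        await host;
        listener.Stop();
    }
}
```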

