5
votes

I'm implementing an SSL server in C#, using the standard SslStream.

Everything is fine so far, but AuthenticateAsServer accepts only a single certificate as a parameter, while I have to provide the complete chain (3 of them).

I've built a PKCS12 struct with all the certificates (with the help of Mono.Security), then called new X509Certificate2(pkcs12.GetBytes()), but nevertheless, only one is presented to the client.

So, the question is: how could this be done?

Thanks!

PS: I need a portable solution, which will work both in Mono and .NET on Windows.

1 Answer

0
votes

Your setup is correct. The web server uses only one certificate with the SslStream (or anything else).

The certificate might be missing some information: the Authority Information Access extension of your server certificate shall point to the URI where the intermediary certificate will be downloaded.

Is this information missing?
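
One way to run the check the answer asks for, as an added example that is not part of the original answer: it reads the Authority Information Access extension of a certificate and lists its caIssuers URIs. The class and method names and the sample URL are constructed for illustration; the small DER reader is written by hand so that it needs no ASN.1 library on either Mono or .NET.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class AiaCheck   // hypothetical helper, not part of any library
{
    static readonly byte[] CaIssuers = { 0x2B, 6, 1, 5, 5, 7, 0x30, 2 };   // OID 1.3.6.1.5.5.7.48.2
    // Reads one DER TLV at pos: returns the tag, outputs the content, advances pos.
    static byte ReadTlv(byte[] d, ref int pos, out byte[] content)
    {
        byte tag = d[pos++];
        int len = d[pos++];
        if (len == 0x81) len = d[pos++];                          // long form, one length byte
        else if (len == 0x82) len = (d[pos++] << 8) | d[pos++];   // long form, two length bytes
        else if (len > 0x7F) throw new FormatException("unsupported DER length");
        content = new byte[len];
        Array.Copy(d, pos, content, 0, len);                      // throws if the value is truncated
        pos += len;
        return tag;
    }
    // AuthorityInfoAccess ::= SEQUENCE OF { accessMethod OID, accessLocation GeneralName }
    public static List<string> CaIssuerUris(byte[] aiaDer)
    {
        var uris = new List<string>();
        int pos = 0, p = 0;
        if (ReadTlv(aiaDer, ref pos, out byte[] seq) != 0x30) throw new FormatException("AIA is not a SEQUENCE");
        while (p < seq.Length)
        {
            int q = 0;
            ReadTlv(seq, ref p, out byte[] desc);                        // one AccessDescription
            bool isOid = ReadTlv(desc, ref q, out byte[] oid) == 0x06;   // OBJECT IDENTIFIER
            bool isUri = ReadTlv(desc, ref q, out byte[] loc) == 0x86;   // GeneralName [6] = URI
            if (isOid && isUri && oid.SequenceEqual(CaIssuers)) uris.Add(Encoding.ASCII.GetString(loc));
        }
        return uris;
    }
    // Same lookup on a certificate; empty when it has no AIA extension (OID 1.3.6.1.5.5.7.1.1).
    public static List<string> CaIssuerUris(X509Certificate2 cert) =>
        cert.Extensions["1.3.6.1.5.5.7.1.1"] is X509Extension ext ? CaIssuerUris(ext.RawData) : new List<string>();
    static void Main(string[] args)
    {
        byte[] uri = Encoding.ASCII.GetBytes("http://ca.example/int.crt");   // constructed sample URL
        byte[] sample = new byte[] { 0x30, (byte)(uri.Length + 14), 0x30, (byte)(uri.Length + 12), 0x06, 0x08 }
            .Concat(CaIssuers).Concat(new byte[] { 0x86, (byte)uri.Length }).Concat(uri).ToArray();
        var found = args.Length > 0 ? CaIssuerUris(new X509Certificate2(args[0])) : CaIssuerUris(sample);
        Console.WriteLine(found.Count == 0 ? "no caIssuers URI in AIA" : string.Join("\n", found));
    }
}
```

Run it with the path to the server certificate as the only argument; with no argument it parses the constructed sample value and prints the sample URL.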