X509 Certificate for SSL authentication using Dot Net Core

Abhishek Rathore
Jan 31, 2022

In this article, we are going to learn:

  • What is an X.509 certificate?
  • Why do we need X.509 certificates?
  • How to implement HttpClient with certificate authentication in .NET Core

X.509 Certificate
An X.509 certificate is a digital certificate that is used to manage identity and security in internet communications and computer networking.

X.509 certificates consist of three main components: a key pair, a digital signature, and information about the identity of the issuing party and the party it is issued to.

  1. Key pair: It consists of two keys, a public key and a private key. The private key is kept secure, and the public key is included in the certificate. The key pair allows the owner of the private key to digitally sign documents; these signatures can be verified by anyone with the corresponding public key.
  2. Digital signature: A digital signature is added by a certificate authority (CA) to assure users that the certificate in use is genuine.
  3. Identity information: The certificate also contains information about the party to which it is issued and the identity of the party that issued it (the certificate authority).

Why do we require an X.509 certificate?

An SSL/TLS X.509 certificate fulfills two main functions: authentication and data encryption.

  1. First, the certificate can assist with authenticating and verifying the identity of a host or site. The SSL certificate contains information that vouches for the identity details of the host or site.
  2. Second, it enables the encryption of information exchanged via a website. When you encrypt data in transit with it, the sensitive information exchanged via the website cannot be intercepted and read by anyone other than the intended recipient.

PEM VS PFX

Before creating an HTTP request for SSL authentication, we should understand the types of certificate files.
A PFX includes both the public and private key for the associated certificate. It can be used for TLS/SSL on a web site, for digitally signing messages or authorization tokens, or for authenticating to a partner system. A PEM file may contain just about anything, including a public key, a private key, or both, because PEM is not a standard for what the file holds. In effect, PEM just means the file contains base64-encoded data.

PEM files have had patchy support in Windows and .NET but are the norm on other platforms. Starting with .NET 5, however, .NET has out-of-the-box support for parsing certificates and keys from PEM files. With .NET 5 we can use X509Certificate2.CreateFromPemFile, which creates a new X509 certificate from the file contents of an RFC 7468 PEM-encoded certificate and private key.

Implement HttpClient with Certificate Authentication

When using the HttpClient class to call web APIs that are secured by certificate authentication, you have to add the client certificate to the request. You do this with HttpClientHandler.

Check the code below:

Creating HttpHandler and Adding Root Certificate

Now we need to add the public key and sign it with the private key, then export the result to PFX format before adding it to the handler's client certificate collection.
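
The steps described above (load the PEM certificate and key, export to PFX, add it to the handler, and trust a specific root certificate), written out as an added example that is not the author's original code. The class name `MutualTlsClient`, the method and the three file paths are assumptions; it targets .NET 5 or later and assumes a private root CA without revocation endpoints.

```csharp
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class MutualTlsClient
{
    // Hypothetical helper; the three file paths are placeholders supplied by the caller.
    public static HttpClient Create(string certPemPath, string keyPemPath, string rootCaPemPath)
    {
        // Pair the certificate with its private key (RFC 7468 PEM, .NET 5+).
        using var pemCert = X509Certificate2.CreateFromPemFile(certPemPath, keyPemPath);

        // Round-trip through PFX in memory: on Windows, a key loaded straight from PEM
        // is ephemeral and the TLS stack cannot use it for client authentication.
        var clientCert = new X509Certificate2(pemCert.Export(X509ContentType.Pfx));

        // Root CA that issued the server certificate (public certificate only, no key).
        var rootCa = new X509Certificate2(rootCaPemPath);

        var handler = new HttpClientHandler
        {
            ClientCertificateOptions = ClientCertificateOption.Manual
        };
        handler.ClientCertificates.Add(clientCert);

        // Trust only chains that end at rootCa instead of the machine trust store.
        handler.ServerCertificateCustomValidationCallback = (request, serverCert, chain, errors) =>
        {
            if (serverCert is null || chain is null) return false;
            // The custom chain below does not check the host name, so reject mismatches here.
            if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) return false;

            using var pinned = new X509Chain();
            pinned.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            pinned.ChainPolicy.CustomTrustStore.Add(rootCa);
            // Assumption: a private CA that publishes no CRL/OCSP endpoint.
            pinned.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            foreach (var element in chain.ChainElements)
                pinned.ChainPolicy.ExtraStore.Add(element.Certificate); // intermediates sent by the server
            return pinned.Build(serverCert);
        };

        return new HttpClient(handler);
    }
}
```

The validation callback never returns `true` unconditionally: a host name mismatch or a chain that does not end at the supplied root fails the handshake.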

That’s all! Happy coding!

If you have any comments, ideas, or better suggestions, please share.