SSL Cert authentication from .Net Client

For SSL Cert authentication from .Net Client code, we are unable to authenticate it. Below are the steps we followed

Step1:

• openssl genrsa -out certCA.key 2048
• openssl req -x509 -new -nodes -key certCA.key -sha256 -days 1024 -out certCA.pem
• cat certCA.pem chain.pem > couchcert.pem
• openssl pkcs12 -export -out couchcertificate.pfx -inkey certCA.key -in couchcert.pem

Imported the couchcertificate.pfx in mmc of the windows client machine and took the thumbprint value.

Step2:

.Net Client Code:

var config = new ClientConfiguration
{
    Servers = new List<Uri> {
        new Uri("http://couchbasebaseclusternode1")
    },
    UseSsl = true,
    EnableCertificateAuthentication = true,
    DefaultConnectionLimit = 1000,
    HttpsApiPort = 18091
};
var cluster = new Cluster(config);
try
{
    var authenticator = new CertAuthenticator(
        new CertificateStoreOptions
        {
            StoreLocation = StoreLocation.LocalMachine,
            StoreName = StoreName.TrustedPeople,
            X509FindType = X509FindType.FindByThumbprint,
            FindValue = "Thumbprint Value of above installed couchcertificate.pfx certificate"
        }
    );
    cluster.Authenticate(authenticator); // This doesn't throw any exception however we find this error when looking at the quickwatch information of the cluster " cluster Cannot get Info if HttpProvider has not been initialized"
}
catch (Exception ex)
{
    Console.WriteLine(ex.InnerException.InnerException.Message);
}
var bucket = cluster.OpenBucket("bucketname"); // Errors out: "Authentication failed because the remote party has closed the transport stream."

Any help on this would be much appreciated. Thanks in advance!

Hi @Jay43

Sorry for the slow reply, here is a code example of configuring CertificateAuthentication.

var config = new ClientConfiguration();
config.Servers = new List<Uri>
{
    new Uri("http://couchbasebaseclusternode1")
};
config.UseSsl = true;
config.EnableCertificateAuthentication = true;
config.CertificateFactory = CertificateFactory.GetCertificatesFromStore(new CertificateStoreOptions
{
    StoreLocation = StoreLocation.LocalMachine,
    StoreName = StoreName.TrustedPeople,
    X509FindType = X509FindType.FindByThumbprint,
    FindValue = "<thumbprint>"
});

var cluster = new Cluster(config);
var bucket = cluster.OpenBucket("<bucket-name>");

Note:

  • As the certificate factory has been configured at the config level, a separate CertAuthenticator is not required to be passed to the cluster.Authenticate()
  • UseSsl & EnableCertificateAuthentication must both be set manually to true

Thanks
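
A pre-flight check for the certificate store lookup that both posts above rely on, as an added example that is not from the original posts or the Couchbase SDK. It uses only `System.Security.Cryptography.X509Certificates`; the class and method names are hypothetical, and `<thumbprint>` is a placeholder.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck // hypothetical helper, not part of the Couchbase SDK
{
    // Keep only hex digits: drops spaces, colons and invisible Unicode characters
    // that can come along when a thumbprint is copied from the certificate dialog.
    public static string NormalizeThumbprint(string raw)
    {
        return new string(raw.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
    }

    public static X509Certificate2 FindClientCertificate(string rawThumbprint)
    {
        var thumbprint = NormalizeThumbprint(rawThumbprint);
        if (thumbprint.Length != 40)
            throw new ArgumentException("A SHA-1 thumbprint is 40 hex characters, got " + thumbprint.Length);

        // Same store the posts above point the SDK at.
        var store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so a self-signed or untrusted certificate is still returned for inspection.
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (matches.Count == 0)
                throw new InvalidOperationException("No certificate " + thumbprint + " in LocalMachine\\TrustedPeople");

            var cert = matches[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key; it cannot authenticate a client");
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period");
            return cert;
        }
        finally
        {
            store.Close();
        }
    }

    static void Main()
    {
        var cert = FindClientCertificate("<thumbprint>"); // placeholder value
        Console.WriteLine("Subject: {0}\nIssuer:  {1}\nExpires: {2:u}", cert.Subject, cert.Issuer, cert.NotAfter);
    }
}
```

`HasPrivateKey` only reports that a key is associated with the certificate; the account running the client also needs read access to that key in the LocalMachine store.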

Thanks Mike, based on the forum CreateManager using credentials from app.config

Could you please help with how to configure the above-mentioned CertificateFactory with cert details in app.config or web.config?