Identify what digital certificate is wanted by the webservice

[randall2nd]

I have been tasked to programmatically determine what certificate a webservice is looking for.

The site does have a web page to connect to. When connecting to that web page a dialog box pops up, "Choose a digital certificate", with some of the certificates from the personal store to choose from. At this point it does not look like the connection has been denied, and when I select a valid certificate the page is brought up.

From this I am hoping that there is something in the communcation that identifies a criteria that allows the browser to limit the choices presented. I need to capture that criteria, so that when connecting to the site's webservice programatically I can add the proper certificate to the connection.

I tried connecting without a certificate and with invalid ones, to look at the response and the thrown exception. Unfortunately my investigation thus far has not yielded me any luck.

I am using System.Web.Services.Protocols.SoapHttpClientProtocol to connect to the webservice.

Any and all ideas/suggestions welcome.

Randall2nd
Ignorance does not equal stupidity, do not treat it as such.

 

[chiph]

1. Did you try emailing their support people to find this out?

2. Why do you care if the site sees multiple certificates in your request? It can only use the one it knows about.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first

 

[randall2nd]

Thanks for you response Chip

1. Did you try emailing their support people to find this out?

Technically no I did not contact them, for the tests I am doing I am "them". I am only doing a small part of the overall application. I do not know what site the end users will actually be connecting to.

2. Why do you care if the site sees multiple certificates in your request? It can only use the one it knows about.

Its all about providing informative and meaningful feedback(errors) to the user.

I need to check if there is one or more certificates for the site. If there is at least one certificate available, I need to check to see if they are expired. If there is at least one certificate that is available and not expired, I need to check if they can be used to connect to the site's web service. Finally provide feedback on what was found.

Since there can be multiple certificates, there can be some expired and/or some revoked. If I just load all the certificates up and try to connect, the "non-good" certificates are loaded before the "good" ones then the connection will fail.

I hope my answers provide some clarification.


Randall2nd
Ignorance does not equal stupidity, do not treat it as such.

 

[chiph]

There may be two things you can try:

1. Filter the list by the results of calling GetIssuerName() on your X509Certificate objects

2. Filter by looking at the Principle property on the certificate.

Hope this helps.
Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first