Acessing certificate in a secure way (WSS)

Dec 1, 2011 at 9:24 AM

Hi Kerry,

first of all let me say thank you for such a great and useful implementation.

I have just a quick question, is it possible to use the local certificate store instead of physically copying the certificate into the web project
and specifying the password to access the private key in clear text?

I know that it is possible to encrypt configuration files but that is currently not an option.

Thank you for your help!


Dec 1, 2011 at 9:36 AM

There is no this kind way for now.

I'll think about allow it to be extended.

Dec 9, 2011 at 7:13 AM

I got an idea, Certificate attribute of WebSocketServer class can be modified in the class scope.

public virtual X509Certificate Certificate { get; protected set; }

So you can set your certificate of your own when the server is setup/initialized by extending the WebSocketServer class.

So far, this is the only way to walk around it.

Dec 10, 2011 at 2:00 PM

I implemented this feature in SuperSocket of mainline (1.5):

But current SuperWebSocket is base on SuperSocket 1.4 SP1. So I suggest you follow my previous post. If you don't know how to get certificate from certificate store, please refer to my changes in above link.