Verification of Client SSL Certificates
Windows Platform
To enable verification of client SSL certificates on Windows, the certificates must be imported into the trusted certificates storage. This can be done with Windows PowerShell commands.
Generate Key and Self-signed Certificate
PowerShell command:
New-SelfSignedCertificate -Container test* -Subject "E=my.email@gmail.com, CN=Me, OU=Testing, O=MY COMPANY, L=LONDON, S=LONDON, C=UK" -CertStoreLocation "Cert:\CurrentUser\My" -NotAfter (Get-Date).AddMonths(36) -KeyExportPolicy ExportableEncrypted -KeyFriendlyName "testing-key" -KeyDescription "Testing key and certificate" -Provider "Microsoft Software Key Storage Provider"
Save the thumbprint from the output, for example A17384C5ACADBD3FF23EFBD33BBBBC01A43351EF. It is needed in the export step.
Export Certificate to File
PowerShell command:
$mypwd = ConvertTo-SecureString -String "{password}" -Force -AsPlainText
Export-PfxCertificate -Cert cert:\currentuser\my\{thumb_from_previous_step} -FilePath "{path_to_output_file}" -ChainOption EndEntityCertOnly -NoProperties -Password $mypwd
Import Certificate to Trusted Certificates Storage
PowerShell command:
$mypwd = ConvertTo-SecureString -String "{password}" -Force -AsPlainText
Import-PfxCertificate -FilePath "{path_to_generated_certificate_file}" -CertStoreLocation "cert:\CurrentUser\Root" -Password $mypwd
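A check to run after the import and before turning on VerifyPeer, added here as an example (it is not part of the original page or of the product): it confirms that the certificate with the saved thumbprint is in Cert:\CurrentUser\Root, is inside its validity period and builds a trusted chain. The function name Test-ImportedClientCert is hypothetical, and revocation checking is switched off on the assumption that the self-signed test certificate has no CRL distribution point.

```powershell
# Added example; Test-ImportedClientCert is a hypothetical helper name.
function Test-ImportedClientCert {
    param(
        # Thumbprint saved from the New-SelfSignedCertificate output
        [Parameter(Mandatory)] [string] $Thumbprint
    )

    # Drop spaces and invisible characters that copy/paste can add to a thumbprint
    $thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($thumb.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got: '$Thumbprint'"
    }

    $my   = Get-Item -Path "Cert:\CurrentUser\My\$thumb" -ErrorAction SilentlyContinue
    $root = Get-Item -Path "Cert:\CurrentUser\Root\$thumb" -ErrorAction SilentlyContinue
    $cert = @($root, $my) | Where-Object { $_ } | Select-Object -First 1
    if (-not $cert) {
        throw "Certificate $thumb is in neither CurrentUser\My nor CurrentUser\Root"
    }

    # Build the chain the way a verifier would. Revocation is not checked
    # (assumption: the self-signed test certificate has no CRL distribution point).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint      = $thumb
        InPersonalStore = [bool]$my
        InTrustedRoot   = [bool]$root
        SelfSigned      = $cert.Subject -eq $cert.Issuer
        WithinValidity  = ($now -ge $cert.NotBefore) -and ($now -lt $cert.NotAfter)
        # False with UntrustedRoot in ChainStatus if the import step was skipped
        ChainBuilds     = $chainOk
        ChainStatus     = $status -join ', '
        # Trust evaluation needs only the public certificate; a PFX import
        # also brings the private key, so report whether it is attached here.
        RootKeyAttached = [bool]($root -and $root.HasPrivateKey)
    }
}

# Sample thumbprint from the text above; use the one from your own output.
Test-ImportedClientCert -Thumbprint 'A17384C5ACADBD3FF23EFBD33BBBBC01A43351EF'
```

InTrustedRoot and ChainBuilds should both be True before VerifyPeer is enabled.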
Enable Client SSL Verification for Acceptor Session
In the session-acceptor code, set VerifyPeer to true in the Engine or Session settings.