Using a self-sign certificate for intranet applications

Question

I'm designing a C# server-client applications communicating over an intranet using a WebApi, and I've been looking around for a way of encrypting my communication. I figured out that I can use a self-sign certificate for my needs. My question is that- Is it possible to import the certificate on the client side in the process of program installation? I want to create some kind of automation around that so I wouldn't need to do it manually every time I install a new client.

P.S - this is my first question in stack overflow so if you think I should have give more information I'll be happy to do so

Do you have an Active Directory? Then you can simply share the certificate with GPOs. — jAC, Jul 26 '17 at 09:42
Or https://letsencrypt.org for a free trusted cert out of the box. — Alex K., Jul 26 '17 at 09:59

Kaushal Kumar Panday · Accepted Answer · 2017-07-27T12:04:09.883

0

The answer to your question is yes or no depending on whether the Private Key property was marked as exportable during creation. Since it is a self-signed certificate, most of the tools that are used for creating one always have this property enabled. So you should be able to export the certificate along with the private key from the source machine in the .pfx extension and then import this certificate file on the destination machine.

I am assuming you are not worried about the certificate trust as you are using a self-signed certificate.

UPDATE

In order to import the certificate via MMC, refer the instructions available here: Export a certificate with private key

You can use certmgr.exe or certutil.exe to import the certificate via command line. See this:

Similaryly for PowerShell you can use the Import-Certificate commandlet. See this article for reference: https://technet.microsoft.com/en-us/itpro/powershell/windows/pkiclient/import-certificate

Also see this thread: Import Certificate to Trusted Root but not to Personal [Command Line]

edited Jul 27 '17 at 12:04

answered Jul 26 '17 at 16:02

Kaushal Kumar Panday

2,329
13
22

thank you for your answer. I do have the private key **.pfk** file. so I understand from your answer that I can import the certificate automatically- but I also wanted to know what approach should I use in order to do so. – AmitGaf Jul 27 '17 at 07:12
There are several approach to export the certificate file. I will add the details in the answer. – Kaushal Kumar Panday Jul 27 '17 at 08:26
Thank you again, but I think I wasn't clear enough... My main goal is to import the certificate on the client side programmatically - without using the windows GUI like MMC etc... So I have my .pfk file and I want to install my program on the client side, and in the installation process run some code/command line tools to automatically import the included certificate to the user personal certificate store. – AmitGaf Jul 27 '17 at 10:47

Using a self-sign certificate for intranet applications

1 Answers1