
The SslStream.AuthenticateAsServer method fails from Ubuntu but not from Windows 10.

When implementing the SslStream example from https://learn.microsoft.com/en-us/dotnet/api/system.net.security.sslstream?view=netframework-4.8, it runs fine when executed on Windows 10, but when executed on Ubuntu I get the following exception when sslStream.AuthenticateAsServer is called:

System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.

I've tried using serverCertificate = X509Certificate2.CreateFromCertFile(certificate) instead of serverCertificate = X509Certificate.CreateFromCertFile(certificate) but to no avail.

The certificates are generated with OpenSSL and when performing the modulus check all keys and certificates do in fact match. The server certificate is signed with the CA certificate. The certificates are generated using jww's lengthy answer at How do you sign a Certificate Signing Request with your Certification Authority?

So to summarise: When calling sslStream.AuthenticateAsServer on Ubuntu (but not on Windows 10) the following exception is thrown: System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.

I'm using the .net-core environment (obviously necessary to run on Linux) :-)

It's not the same as the suggested possible duplicate X509Certificate2 the server mode SSL must use a certificate with the associated private key because it answers how the certificate is generated. However, drake7707's reply to Mark Yuan's answer gave me a hint.

So the problem is solved as follows: Replace the line of code

serverCertificate = X509Certificate.CreateFromCertFile(certificate);

with

serverCertificate = new X509Certificate2(certificate);

and change its declaration from

static X509Certificate serverCertificate = null;

to

static X509Certificate2 serverCertificate = null;

So in summary, using X509Certificate2 does, in fact, solve the problem.

Willie Visagie
  • Possible duplicate of [X509Certificate2 the server mode SSL must use a certificate with the associated private key](https://stackoverflow.com/questions/31615062/x509certificate2-the-server-mode-ssl-must-use-a-certificate-with-the-associated) – BugFinder Jul 05 '19 at 06:44
  • I appreciate that you have solved the issue, but looking at the exception message ("**System.NotSupportedException**: The server mode SSL must use a certificate with the associated private key." - emphasis is mine) in combination with the [apisof page for AuthenticateAsServer](https://apisof.net/catalog/System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate)) shows that it's not supported on OSs other than Windows – Jamie Taylor Jul 05 '19 at 09:35
  • I guess that's why `X509Certificate2` was written because `X509Certificate` does not support other OSs. – Willie Visagie Jul 08 '19 at 04:50

1 Answer

So the problem is solved as follows: Replace the line of code

serverCertificate = X509Certificate.CreateFromCertFile(certificate);

with

serverCertificate = new X509Certificate2(certificate);

and change its declaration from

static X509Certificate serverCertificate = null;

to

static X509Certificate2 serverCertificate = null;

So in summary, using X509Certificate2 does, in fact, solve the problem.

Willie Visagie
  • Post the answer as an *answer* instead. Few (if any) will notice that the second part of the question is actually the answer. Check [Can I answer my own question?](https://stackoverflow.com/help/self-answer) – Panagiotis Kanavos Jul 05 '19 at 07:57
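
A pre-flight check for the condition named in the exception message, as an added example that is not part of the original post. It assumes the private key is delivered in a PKCS#12 (.pfx) bundle; the helper `LoadServerCertificate`, the sample password and the self-signed certificate are constructed here for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ServerCertCheck
{
    // Hypothetical helper: load a server certificate and refuse to continue
    // when no private key is attached, instead of failing later in the handshake.
    public static X509Certificate2 LoadServerCertificate(byte[] raw, string password)
    {
        var cert = new X509Certificate2(raw, password);
        if (!cert.HasPrivateKey)
        {
            cert.Dispose();
            throw new InvalidOperationException(
                "Certificate has no private key; it cannot be used for server-side TLS.");
        }
        return cert;
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate built in memory.
        using (RSA rsa = RSA.Create(2048))
        {
            var request = new CertificateRequest(
                "CN=localhost", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 selfSigned = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            {
                // PKCS#12 carries certificate and key; X509ContentType.Cert is the certificate alone.
                byte[] pfx = selfSigned.Export(X509ContentType.Pfx, "sample-password");
                byte[] certOnly = selfSigned.Export(X509ContentType.Cert);

                using (X509Certificate2 ok = LoadServerCertificate(pfx, "sample-password"))
                    Console.WriteLine($"PKCS#12 load: HasPrivateKey = {ok.HasPrivateKey}");

                try
                {
                    LoadServerCertificate(certOnly, null);
                }
                catch (InvalidOperationException ex)
                {
                    Console.WriteLine($"Certificate-only load rejected: {ex.Message}");
                }
            }
        }
    }
}
```

Running the same `HasPrivateKey` check on the object passed to `AuthenticateAsServer` shows, before any client connects, whether the loaded file actually contained the key.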