
I've been trying for 2 days straight and I still feel no closer to getting this resolved. Any help is greatly appreciated ... Here is my problem:

I have an Android app (written in Xamarin) that needs to communicate on my local network with my IdentityServer website. This is running in IIS and I access this directly through the IP address on the LAN.

Because this is running locally and I am not a CA, Android won't trust my self-signed cert in IIS and I can't get any further. Normally, there is a workaround where I can bypass the SSL check in my Android app, but in this case I cannot do this as the Android side IdentityServer client used to communicate with IdentityServer is not configurable (I assume for security reasons)... So, my next thought was to become a CA myself, sign my own certificates and install them in Windows, on IIS for my website and somehow convince Android that I am a CA.

I have followed instructions using openssl many times over, but hit a dead end again and again... I simply don't seem to have the files that I need to complete this...

At the moment I have a rootSSL.key, rootSSL.pem, rootSSL.srl, mydev.crt, mydev.csr & mydev.key all created using openssl and following the tutorials below (I have had many more files, but started different tutorials when hitting a brick wall). After trying to use this crt on my IIS IdentityServer website, apparently I need a pfx file! It seems I don't even know what I am searching for because I'm hitting these dead ends. Can anyone share a good end to end tutorial (or several that follow on) that I can use to resolve what I need to achieve? I clearly don't know enough about the subject to understand what I actually need.

Latest tutorial: https://zeropointdevelopment.com/how-to-get-https-working-in-windows-10-localhost-dev-environment/

IIS: Version 10.0.18362.1

Craig
  • https://stackoverflow.com/questions/52441979/accept-self-signed-certificates-in-xamarin-android/64741829#64741829 – Lex Li Nov 08 '20 at 18:46
  • I can't use this answer because I have no control over the client used in the Android app... it isn't a standard httpClient, it is an Identity Server specific one, but thanks anyway – Craig Nov 08 '20 at 18:48
  • What client are you using? If deep down inside it uses `HttpClient` to send HTTP requests, you can easily hack it. – Lex Li Nov 08 '20 at 19:25
  • I'm using the oidcClient which is from the IdentityModel ... It provides standard methods for login, logout etc... but doesn't expose the underlying client unfortunately. – Craig Nov 08 '20 at 20:31
  • I doubt you ever read carefully what has been discussed, https://github.com/IdentityModel/IdentityModel.OidcClient/issues/161 – Lex Li Nov 08 '20 at 20:41
  • Ah great, I missed this... I searched for this but wasn't aware it was called back channel handler. Thanks for the nudge in the right direction :) – Craig Nov 08 '20 at 20:54

1 Answer


I followed your link to generate rootSSL.key, rootSSL.pem, rootSSL.srl, localhost.key, localhost.csr, localhost.crt. When I tried to import it to IIS, it failed because of the lack of a pfx file.

But you can generate the pfx file from the pem and key files. (You need to change all "localhost" to "mydev" in the command.)

```
openssl pkcs12 -export -out my.pfx -inkey localhost.key -in localhost.crt -certfile localhost.crt
```

Enter the password and you will get the pfx file.

Bruce Zhang
  • Thanks for this Bruce, I had no idea these were convertible. I'll convert it and see if I can get this sorted. It will be a better way than messing up my code. Thanks again :) – Craig Nov 09 '20 at 20:51
  • Does it help you? If you encounter another issue, I can help you. – Bruce Zhang Nov 13 '20 at 07:42
  • Hi Bruce, I will be attempting this tomorrow, I will let you know how I get on. Thanks again – Craig Nov 13 '20 at 08:08
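
The whole chain discussed in this thread, as an added example that is not part of the original question or answer: a dev root CA, a server certificate signed by it, and a PFX for IIS that carries the root via `-certfile`. Because the site is reached by IP address, the server certificate gets an IP subjectAltName, which hostname verification needs for an IP. The function names, `dev.cnf`, and the IP and password arguments are assumptions of this example; the other file names follow the question.

```bash
#!/bin/sh
# Added example (constructed values): dev root CA -> server cert with an
# IP SAN -> PFX for IIS. File names follow the question; the IP and the
# password passed in are placeholders.
set -eu

build_dev_pfx() (   # usage: build_dev_pfx <dir> <lan-ip> <pfx-password>
  mkdir -p "$1"; cd "$1"
  # Own config, so the result does not depend on the system openssl.cnf.
  cat > dev.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Dev Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = IP:$2
EOF
  # 1. Root CA: private key plus self-signed certificate (CA:TRUE).
  openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 825 \
    -config dev.cnf -keyout rootSSL.key -out rootSSL.pem
  # 2. Server key and CSR.
  openssl req -new -nodes -newkey rsa:2048 -config dev.cnf \
    -subj "/CN=mydev" -keyout mydev.key -out mydev.csr
  # 3. Sign the CSR with the root; the SAN comes from [leaf], not the CSR.
  openssl x509 -req -in mydev.csr -CA rootSSL.pem -CAkey rootSSL.key \
    -CAcreateserial -sha256 -days 365 -extfile dev.cnf -extensions leaf \
    -out mydev.crt
  # 4. PFX for IIS: server key + server cert + the root as chain cert.
  openssl pkcs12 -export -out mydev.pfx -inkey mydev.key -in mydev.crt \
    -certfile rootSSL.pem -passout "pass:$3"
)

# SAN line of a certificate, spaces removed (e.g. IPAddress:<lan-ip>).
cert_san() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# Number of certificates stored in a PFX (2 = server cert + root).
pfx_cert_count() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys | grep -c 'BEGIN CERT'
}
```

Import `mydev.pfx` into IIS and install only `rootSSL.pem` (never `rootSSL.key`) as a CA certificate on the Android device. Apps targeting API level 24 or higher trust user-installed CAs only when their network security configuration allows it.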