I have recently been trying to make an SSL encrypted Server/Client in C#.
I have followed this tutorial on MSDN; however, it required a certificate to be created for the
First, do not create a certificate with the subject "CN=localhost" or equivalent. It is never going to be used in production, so don't do it. Always issue it to your computer's hostname, e.g. CN="mycomputer", and use the host name when connecting to it rather than localhost. You can specify multiple names using the "subject alternative name" extension, but makecert does not appear to support it.
Second, when issuing a server SSL certificate, you need to add the "server authentication" OID to the enhanced key usage (EKU) extension of the certificate. Add the -eku 1.3.6.1.5.5.7.3.1 parameter to makecert in your example. If you want to do client certificate authentication, use the "client authentication" OID of 1.3.6.1.5.5.7.3.2.
Lastly, the default certificate created by makecert uses MD5 as its hashing algorithm. MD5 is considered insecure and, although it will not affect your testing, get into the habit of using SHA1. Add -a sha1 to the makecert parameters above to force SHA1. The default key size should also be increased from 1024 bits to 2048 bits, but you get the idea.