TsgcWebSocketClient | Certificates SChannel

When the server requires the client to connect using an SSL certificate, use the TLSOptions property of TsgcWebSocketClient to set the certificate files.

Connection through SChannel requires that TLSOptions.IOHandler = iohSChannel.

SChannel supports 2 types of certificate authentication:

1. Using a PFX certificate

2. Setting the Hash Certificate of a certificate that is already installed in the Windows system.

PFX Certificate

A PFX certificate is a file that contains both the certificate and its private key. If your certificate is in PEM format, you must convert it to PFX before using it.

Use the following openssl command to convert a PEM certificate to PFX:


openssl pkcs12 -inkey certificate-pem.key -in certificate-pem.crt -export -out certificate.pfx

Once the certificate is in PFX format, you only need to deploy it and set the path to it in the TLSOptions.CertFile property.


TLSOptions.IOHandler = iohSChannel
TLSOptions.CertFile = <certificate path>
TLSOptions.Password = <certificate optional password>

 

Hash Certificate

If the certificate is already installed in the Windows certificate store, you only need to know the certificate thumbprint and set it in the TLSOptions.SChannel_Options property.

Finding the hash of a certificate in PowerShell is as easy as running a dir command on the certificates container.

dir cert:\localmachine\my

The hash is the hexadecimal Thumbprint value.


Directory: Microsoft.PowerShell.Security\Certificate::localmachine\my
Thumbprint                                Subject
----------                                -------
C12A8FC8AE668F866B48F23E753C93D357E9BE10  CN=*.mydomain.com

Once you have the Thumbprint value, you must set the hash and the location of the certificate in the TLSOptions.SChannel_Options property.


TLSOptions.IOHandler = iohSChannel
TLSOptions.SChannel_Options.CertHash = <certificate thumbprint>
TLSOptions.SChannel_Options.CertStoreName = <certificate store name>
TLSOptions.SChannel_Options.CertStorePath = <certificate store path>
TLSOptions.Password = <certificate optional password>
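
Before putting a thumbprint into CertHash, it helps to confirm that the store entry can actually be used for client authentication. The following PowerShell check is an added example, not part of the sgcWebSockets documentation; the function name Test-ClientCertificate is hypothetical, and the thumbprint in the last line is the one from the sample listing above.

```powershell
function Test-ClientCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\My'
    )

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible Unicode mark, so keep the hexadecimal digits only.
    $hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hash.Length -ne 40) {
        throw "Expected a 40-digit SHA-1 thumbprint, got $($hash.Length) hex digits."
    }

    $cert = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $hash }
    if (-not $cert) {
        throw "No certificate with thumbprint $hash in $StorePath."
    }

    $now = Get-Date
    # OIDs of the enhanced key usages listed on the certificate (may be none)
    $eku = @($cert.EnhancedKeyUsageList | Where-Object { $_ } |
             ForEach-Object { $_.ObjectId })

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        # Store location and name the certificate was found in, e.g. LocalMachine\My
        Store         = ($cert.PSParentPath -split '::')[-1]
        # Client authentication needs the private key, not just the certificate
        HasPrivateKey = $cert.HasPrivateKey
        ValidNow      = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
        NotAfter      = $cert.NotAfter
        # No EKU list means the certificate is not restricted to specific purposes;
        # otherwise it must include Client Authentication (1.3.6.1.5.5.7.3.2)
        ClientAuthEku = ($eku.Count -eq 0) -or ($eku -contains '1.3.6.1.5.5.7.3.2')
    }
}

# Thumbprint taken from the sample listing on this page
Test-ClientCertificate -Thumbprint 'C12A8FC8AE668F866B48F23E753C93D357E9BE10'
```

If HasPrivateKey, ValidNow or ClientAuthEku is False, the certificate is in the store but not suitable as a client certificate.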