SSL Cert authentication from .Net Client

For SSL Cert authentication from .Net Client code, we are unable to authenticate it. Below are the steps we followed:

Step1:

• openssl genrsa -out certCA.key 2048
• openssl req -x509 -new -nodes -key certCA.key -sha256 -days 1024 -out certCA.pem
• cat certCA.pem chain.pem > couchcert.pem
• openssl pkcs12 -export -out couchcertificate.pfx -inkey certCA.key -in couchcert.pem

Imported the couchcertificate.pfx in mmc of the Windows client machine and took the thumbprint value.

Step2:

.Net Client Code:

var config = new ClientConfiguration
{
    Servers = new List<Uri> {
        new Uri("http://couchbasebaseclusternode1")
    },
    UseSsl = true,
    EnableCertificateAuthentication = true,
    DefaultConnectionLimit = 1000,
    HttpsApiPort = 18091
};
var cluster = new Cluster(config);
try
{
    var authenticator = new CertAuthenticator(
        new CertificateStoreOptions
        {
            StoreLocation = StoreLocation.LocalMachine,
            StoreName = StoreName.TrustedPeople,
            X509FindType = X509FindType.FindByThumbprint,
            FindValue = "Thumbprint Value of above installed couchcertificate.pfx certificate"
        }
    );
    // This doesn't throw any exception; however, we find this error when looking at the
    // QuickWatch information of the cluster: "cluster Cannot get Info if HttpProvider has not been initialized"
    cluster.Authenticate(authenticator);
}
catch(Exception ex)
{
    Console.WriteLine(ex.InnerException.InnerException.Message);
}
// Errors out: "Authentication failed because the remote party has closed the transport stream."
var bucket = cluster.OpenBucket("bucketname");

Any help on this would be much appreciated. Thanks in advance!

Hi @Jay43

Sorry for the slow reply, here is a code example of configuring CertificateAuthentication.

var config = new ClientConfiguration();
config.Servers = new List<Uri>
{
    new Uri("http://couchbasebaseclusternode1")
};
config.UseSsl = true;
config.EnableCertificateAuthentication = true;
config.CertificateFactory = CertificateFactory.GetCertificatesFromStore(new CertificateStoreOptions
{
    StoreLocation = StoreLocation.LocalMachine,
    StoreName = StoreName.TrustedPeople,
    X509FindType = X509FindType.FindByThumbprint,
    FindValue = "<thumbprint>"
});

var cluster = new Cluster(config);
var bucket = cluster.OpenBucket("<bucket-name>");

Note:

  • As the certificate factory has been configured at the config level, a separate CertAuthenticator is not required to be passed to the cluster.Authenticate()
  • UseSsl & EnableCertificateAuthentication must both be set manually to true

Thanks
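
A pre-flight check for the store lookup configured in the reply above, as an added example that is not part of the original thread or of the Couchbase SDK: it resolves the thumbprint with the same store options and reports whether the certificate was found, carries a private key, and is inside its validity window. The names `ClientCertPreflight`, `Normalize` and `Check` are hypothetical, and stripping non-hex characters from the pasted thumbprint is an assumption about how the value was copied.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added example: ClientCertPreflight, Normalize and Check are hypothetical names.
public static class ClientCertPreflight
{
    // Keep only hex digits: a thumbprint pasted from the certificate dialog
    // can carry spaces or invisible characters that make FindByThumbprint miss.
    public static string Normalize(string thumbprint) =>
        new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();

    // Returns null when the certificate is usable for client authentication,
    // otherwise a description of the first problem found.
    public static string Check(string thumbprint, DateTime now)
    {
        using (var store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false so an untrusted or expired certificate is still
            // returned and can be diagnosed instead of being filtered out.
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, Normalize(thumbprint), false);

            if (matches.Count == 0)
                return "no certificate with this thumbprint in LocalMachine\\TrustedPeople";

            var cert = matches[0];
            // Without the private key the client cannot prove possession
            // of the certificate during the TLS handshake.
            if (!cert.HasPrivateKey)
                return "certificate found but it has no private key";
            if (now < cert.NotBefore || now > cert.NotAfter)
                return $"certificate outside validity window ({cert.NotBefore:u} to {cert.NotAfter:u})";
            return null;
        }
    }

    public static void Main()
    {
        // "<thumbprint>" is the placeholder used in the reply above.
        var problem = Check("<thumbprint>", DateTime.Now);
        Console.WriteLine(problem ?? "certificate is usable for client authentication");
    }
}
```

Run it under the same account as the application, since access to the LocalMachine store and its private keys depends on that account's permissions.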