TsgcWebSocketClient | Certificates SChannel

When the server requires the client to connect using an SSL certificate, use the TLSOptions property of TsgcWebSocketClient to set the certificate files.

Connection through SChannel requires that TLSOptions.IOHandler = iohSChannel.

SChannel supports 2 types of certificate authentication:

1. Using a PFX certificate.

2. Setting the hash (thumbprint) of a certificate that is already installed in the Windows certificate store.

PFX Certificate

A PFX certificate is a file that contains the certificate and its private key. If your certificate is in PEM format, you must convert it to PFX before using it.

Use the following openssl command to convert a PEM certificate to PFX:


openssl pkcs12 -inkey certificate-pem.key -in certificate-pem.crt -export -out certificate.pfx

Once the certificate is in PFX format, you only need to deploy the certificate and set the TLSOptions.CertFile property to its path.


TLSOptions.IOHandler = iohSChannel
TLSOptions.CertFile = <certificate path>
TLSOptions.Password = <certificate optional password>

Hash Certificate

If the certificate is already installed in the Windows certificate store, you only need to know the certificate thumbprint and set it in the TLSOptions.SChannel_Options property.

In PowerShell, finding the hash of a certificate is as easy as running a dir command on the certificate store:

dir cert:\localmachine\my

The hash is the hexadecimal Thumbprint value.


Directory: Microsoft.PowerShell.Security\Certificate::localmachine\my
Thumbprint                                Subject
----------                                -------
C12A8FC8AE668F866B48F23E753C93D357E9BE10  CN=*.mydomain.com

Once you have the Thumbprint value, you must set the hash and the certificate location in the TLSOptions.SChannel_Options property.


TLSOptions.IOHandler = iohSChannel
TLSOptions.SChannel_Options.CertHash = <certificate thumbprint>
TLSOptions.SChannel_Options.CertStoreName = <certificate store name>
TLSOptions.SChannel_Options.CertStorePath = <certificate store path>
TLSOptions.Password = <certificate optional password>
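
The store lookup above lists every certificate, but only one with a private key, a current validity period and a suitable key usage can authenticate the client. The following PowerShell is an added example, not part of the original documentation: it filters the store for such certificates and prints the thumbprint in the form to assign to CertHash. The function names and the default store path are assumptions.

```powershell
# Added example: find store certificates usable for TLS client authentication.
# Function names and the default store path are assumptions for illustration.

$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Enhanced Key Usage: Client Authentication

function ConvertTo-CertHash {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # A thumbprint copied from the certificate dialog can contain spaces and
    # an invisible left-to-right mark (U+200E); keep hexadecimal digits only.
    $hex = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got $($hex.Length)."
    }
    $hex
}

function Get-ClientAuthCertificate {
    param([string]$StorePath = 'Cert:\LocalMachine\My')
    $now = Get-Date
    Get-ChildItem -Path $StorePath | Where-Object {
        # Collect the EKU object identifiers; the list may be empty.
        $ekus = @($_.EnhancedKeyUsageList | Where-Object { $_ } |
                  ForEach-Object { $_.ObjectId })
        # The private key is required to prove possession of the certificate.
        $hasKey = $_.HasPrivateKey
        $valid  = ($_.NotBefore -le $now) -and ($_.NotAfter -gt $now)
        # A certificate without an EKU extension is valid for any purpose.
        $ekuOk  = ($ekus.Count -eq 0) -or ($ekus -contains $ClientAuthOid)
        $hasKey -and $valid -and $ekuOk
    } | Select-Object @{ Name = 'CertHash'
                         Expression = { ConvertTo-CertHash $_.Thumbprint } },
                      Subject, NotAfter
}

Get-ClientAuthCertificate | Format-Table -AutoSize
```

A thumbprint pasted from the certificate dialog can be passed through ConvertTo-CertHash before it is assigned to CertHash, so that stray spaces or hidden characters do not cause the lookup to fail.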