Hi all

I would like tosecure my C# application.

It's just a small application (using asynchronous sockets) to transfer small files and messages. But, because I would like to be able to send a password and a username (so the user can legitimate himself) through this connection, security should be guaranteed.

I already informed me about SSL, which is probably the best security option, and I've experimented a bit with some Microsoft provided SSL examples using SslStream etc.
Now I want to create a certificate (.cer) file to load into my application. I have 2 questions about this:

1. How can I create a certificate?
2. Is one certificate for my whole application enough, or should every server have its own certificate? (If yes: How do you, developers, work around this restriction?)

I am also looking forward to other security solutions, so every suggestion is welcome.

Thanks in advance,

Giel

Hi
You can create certificate using tools such as mekecert or openSSL also you can create certificate programatically using for example bouncycastle lib. As for number of certificates and keys pairs - if you only want to encrypt your comunication you need one and the same certificate and keys pair on every server but if you want to use certificates for authentication you will need more (depends on number of servers or servers and clients).

---

everything is a matter of probability...

Hi
You can create certificate using tools such as mekecert or openSSL also you can create certificate programatically using for example bouncycastle lib. As for number of certificates and keys pairs - if you only want to encrypt your comunication you need one and the same certificate and keys pair on every server but if you want to use certificates for authentication you will need more (depends on number of servers or servers and clients).

---

everything is a matter of probability...