Question Help with x.509 Certificate and TCPClient/SSLstream

digitaldrew

I started a project not too long ago which I thought would be fairly simple to do since I had done others just like it in the past. However, this one has turned out to be a little bit more complicated. Still, I'd love to figure it out in case I'm ever presented with it again in the future. I hope some of you can give me tips or information that may help me here!

First, I've done TCPclient and SSLstream before, but this time I need to pass an x.509 certificate with my request. This brings up my first issue/question - the certificate. I've bought SSL certificates in the past and installed them for websites on my Linux server, but how does this work since I won't be installing on a website and instead would need to have the cert on my PC where the software will be (I guess)?

Second, the company which I am trying to establish my connection with only accepts certificates from a few authorities. No problem there, except I can't figure out if I actually need to purchase a certificate or not. One company they list is StarfieldTech.com which only has 2 products on their website - a Standard SSL and Premium SSL. I asked them which of the two I needed and all they tell me is "review with your certificate authority regarding certificate information" and then link me to the repository here (https://certs.secureserver.net/repository). The first Name on that repository list matches one they have listed as accepted. So, can I use the crt file listed there, or do I actually need to purchase one of the certificates?

Third, it's been a while since I last purchased an SSL, so I can't remember which files they give me once I buy. The company I'm connecting to has mentioned three specific files in a few of our conversations - cert.pem (public key), key.pem (private key), cacert.pem (root certificate). Do I need to pass all of these when creating my connection? Also, are there any good articles that show how to add these into a project? Do I actually add them into the project or just reference where they are stored on my PC?

Finally, when I've bought SSL certificates in the past I've always had to provide the "Host" I wanted the certificate for. How does one do this when it will be stored on my computer? Do I just use my IP address? Am I able to purchase without providing any host?

Sorry if some of these questions seem a bit strange. I've never created a TCP client where one needed to establish an authenticated and encrypted communications channel just to communicate with the server.. :(
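How the three files named in the post fit into a TcpClient/SslStream connection, as an added example that is not part of the original post. It assumes C# on .NET 5 or later; the host name and port are hypothetical placeholders, and the file names are the ones quoted above, read from the working directory.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class MutualTlsClient
{
    // Hypothetical endpoint: substitute the host and port the remote party provides.
    const string Host = "server.example.com";
    const int Port = 8443;

    static void Main()
    {
        // cert.pem + key.pem together form the client identity presented to the server.
        using var pem = X509Certificate2.CreateFromPemFile("cert.pem", "key.pem");
        // On Windows, SslStream cannot use the in-memory key the PEM loader produces,
        // so round-trip through PKCS#12 to obtain a usable private key.
        using var clientCert = new X509Certificate2(pem.Export(X509ContentType.Pkcs12));

        // cacert.pem is the root used to validate the server's certificate.
        using var root = new X509Certificate2("cacert.pem");

        using var tcp = new TcpClient(Host, Port);
        using var ssl = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, errors) => ValidateServer(cert, errors, root));

        // SslProtocols.None lets the OS pick the protocol version;
        // the final argument enables revocation checking.
        ssl.AuthenticateAsClient(Host, new X509CertificateCollection { clientCert },
            SslProtocols.None, true);
        Console.WriteLine($"Mutually authenticated: {ssl.IsMutuallyAuthenticated}");
    }

    static bool ValidateServer(X509Certificate cert, SslPolicyErrors errors, X509Certificate2 root)
    {
        // Reject a missing certificate or a host name mismatch outright.
        if (cert is null || (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0)
            return false;

        // Build the chain against cacert.pem only, not the machine trust store.
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(root);
        return chain.Build(new X509Certificate2(cert));
    }
}
```

The private key file never leaves the client machine; only the certificate is sent during the handshake, and `IsMutuallyAuthenticated` reports whether the server actually requested and accepted it.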
 