Secure Echo Server Example

The next step is to modify the server example so that when a secure client connects to it, the appropriate certificate is passed to the client. To do this, first modify the command button's Click event to listen on the new port number:

Private Sub Command1_Click()
    If Not SocketWrench1(0).Listening Then
        Dim nError As Long

        SocketWrench1(0).Blocking = False
        SocketWrench1(0).Protocol = swProtocolTcp
        SocketWrench1(0).LocalPort = 7000

        nError = SocketWrench1(0).Listen()
        If nError <> 0 Then
            MsgBox "Unable to listen for connections", vbExclamation
            Exit Sub
        End If

        Command1.Caption = "Disconnect"
    Else
        SocketWrench1(0).Disconnect
        Command1.Caption = "Listen"
    End If
End Sub

Next, modify the OnAccept event to set the control into secure mode, and to specify the name of the server certificate that is going to be passed to the client:

Private Sub SocketWrench1_OnAccept(Index As Integer, ByVal Handle As Variant)
    Dim I As Integer

    ' Find a free control in the array, or load a new one if all are in use
    For I = 1 To LastSocket
        If Not SocketWrench1(I).Connected Then Exit For
    Next I

    If I > LastSocket Then
        LastSocket = LastSocket + 1: I = LastSocket
        Load SocketWrench1(I)
    End If

    SocketWrench1(I).Blocking = False
    SocketWrench1(I).Protocol = swProtocolTcp
    ' Name of the server certificate in the certificate store; it is sent to
    ' the client during the handshake, so it must exist before Accept is called
    SocketWrench1(I).CertificateName = "localhost"
    ' Enable secure mode before accepting so the handshake runs on this socket
    SocketWrench1(I).Secure = True
    SocketWrench1(I).Accept Handle
End Sub

In this case, we've set the name of the certificate to "localhost", which we'll use for the name of the local system. This can be any string which uniquely identifies a certificate installed in the system certificate store. When the client connects to the server, this is the digital certificate that will be passed to it during the handshake phase of the secure connection. Of course, you probably don't have a server certificate installed, so if you ran this program, an error would be generated indicating that the certificate doesn't exist.

To create a certificate for testing purposes, we'll do two things. First, we'll create a self-signed certificate which establishes you as your own Certification Authority. Then we'll use that to sign a server certificate which will be placed in your personal certificate store. Note that because you're functioning as your own CA, any other system that attempts to connect to your secure echo server will receive an error (indicating that the certificate is not trusted) until your root certificate has been installed on that system.

Included in Microsoft's Platform SDK is a utility called CreateCert which will allow you to easily create digital certificates, and we've included this utility with SocketWrench. To create the self-signed certificate, enter the following from the command line:

CreateCert "CN=TestCA" -k s

This will create a file called SelfSigned.cer which contains the self-signed root certificate with a name of "TestCA". The certificate will already be installed in your own personal certificate store; however, you also need to install it as a trusted root certificate. To do this, use the CertMgr utility and select the Import button. This will start the Certificate Import Wizard. Select the SelfSigned.cer file, and then choose the option to place the certificate in a specified store (do not have it automatically select the store). Press the Browse button and select Trusted Root Certification Authorities. A confirmation dialog will ask you to verify that you want to install it; once complete, your new test root certificate has been installed.

Next, we need to create a server certificate. To do this, enter the following command at the command prompt:

CreateCert "CN=localhost" -is TestCA my u

This will create a file called Certificate.cer in the current directory, and will install your certificate in your personal store. Now, with your new server certificate, you should be able to connect to your secure echo server. It should function just like the standard, non-secure version, except that the data being sent and received is encrypted. Remember, if you want a different system to connect to your server, you need to copy SelfSigned.cer to that system and install it in the trusted root certificate store using CertMgr; otherwise the server certificate will be considered invalid. Note that access to the secure features of SocketWrench requires a Secure Edition development license.


Copyright © 2008 Catalyst Development Corporation. All rights reserved.