I'm designing a C# server-client applications communicating over an intranet using a WebApi, and I've been looking around for a way of encrypting my communication. I figured out that I can use a self-sign certificate for my needs. My question is that- Is it possible to import the certificate on the client side in the process of program installation? I want to create some kind of automation around that so I wouldn't need to do it manually every time I install a new client.
P.S - this is my first question in stack overflow so if you think I should have give more information I'll be happy to do so
The answer to your question is yes or no depending on whether the Private Key property was marked as exportable during creation. Since it is a self-signed certificate, most of the tools that are used for creating one always have this property enabled. So you should be able to export the certificate along with the private key from the source machine in the .pfx extension and then import this certificate file on the destination machine.
I am assuming you are not worried about the certificate trust as you are using a self-signed certificate.
UPDATE
In order to import the certificate via MMC, refer the instructions available here: Export a certificate with private key
You can use certmgr.exe or certutil.exe to import the certificate via command line. See this:
Similaryly for PowerShell you can use the Import-Certificate commandlet. See this article for reference:
https://technet.microsoft.com/en-us/itpro/powershell/windows/pkiclient/import-certificate
Also see this thread: Import Certificate to Trusted Root but not to Personal [Command Line]