X.509 Certificate Installation



Hi there

I've got an issue with installing an X.509 certificate into the Local
Machine's Personal store and to grant ASP.NET access to the private key. I'm
sure I'm just missing one step, since I've managed to do this before, but I'd
appreciate any help anyone could offer.

I've got a PFX file with the public/private key pair. I've tried installing
it in two ways:
1. Using winhttpcertcfg from the Windows Resource Kit (which is the way I
did it in the past) - the exact command line I use is:

    winhttpcertcfg -i certificatefile.pfx -p password -c LOCAL_MACHINE\My -a ASPNET

2. Double-clicking the PFX file, installing it into the Local Machine store
through the wizard, and then granting ASPNET all rights through WSE's X.509
certificate tool.

It seems like the certificate is installed correctly when I use either of
these methods, and the WSE classes can find the certificate quite happily but
unfortunately when I run the following code, either in ASP.NET or in Windows,
I get an exception:

    // the service is using HTTPS
    X509CertificateStore store =
        X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
    store.OpenRead();
    X509CertificateCollection coll = store.FindCertificateBySubjectString("C");
    X509Certificate cert = coll[0]; // this finds the right certificate
    service.ClientCertificates.Add(cert);
    service.CallMethod();

The exception that is thrown from the last line (CallMethod) is:

    System.Net.WebException: The underlying connection was closed: Could not
    establish secure channel for SSL/TLS.

Like I said, this is happening in a Windows Forms app running under my own
user account (which is the same account I installed the certificate under),
leading me to believe that this is probably NOT related to granting permissions
to the ASPNET account, but rather is something different.

Thanks in advance!

- John
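
A way to check, from the account that makes the call, whether the certificate in LOCAL_MACHINE\My has a private key that account can actually use and whether its chain builds locally (an added example, not part of the original post). It assumes .NET Framework 4.6 or later and uses System.Security.Cryptography.X509Certificates rather than the WSE classes in the post; the class name ClientCertCheck is hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck
{
    static int Main(string[] args)
    {
        string subject = args.Length > 0 ? args[0] : "C"; // "C" is the value used in the post
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly=false so expired or untrusted certificates are listed too
            var found = store.Certificates.Find(X509FindType.FindBySubjectName, subject, false);
            foreach (X509Certificate2 cert in found)
            {
                Console.WriteLine("{0} thumbprint={1}", cert.Subject, cert.Thumbprint);
                Console.WriteLine("  valid {0:u} to {1:u}", cert.NotBefore, cert.NotAfter);
                Console.WriteLine("  key:   " + DescribeKey(cert));
                Console.WriteLine("  chain: " + DescribeChain(cert));
            }
            return found.Count > 0 ? 0 : 1;
        }
        finally { store.Close(); }
    }

    static string DescribeKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "no private key associated with this certificate";
        try
        {
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null) return "private key present but not RSA";
                // Throwaway signature: proves this account can open and use the key
                rsa.SignData(new byte[] { 1 }, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
                return "usable by " + Environment.UserName;
            }
        }
        catch (CryptographicException e) { return "NOT usable: " + e.Message; }
    }

    static string DescribeChain(X509Certificate2 cert)
    {
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // no network needed
        return chain.Build(cert) ? "builds to a trusted root" : "FAILED: " +
            string.Join("; ", Array.ConvertAll(chain.ChainStatus, s => s.Status.ToString()));
    }
}
```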