Need help on x509 certificate installation



Hi:

I've created the following certificates using makecert.exe version
5.131.2157.1 (comes with .NET SDK v1.1):

makecert -cy authority -r -n "CN=Test Authority" -sr localmachine -ss "Trust"
makecert -cy end -n "CN=Test Server" -sky exchange -sk "TestServer" -ss "My" -sr localmachine -in "Test Authority" -ir localmachine -is "Trust"

The certificates have been installed into the LocalComputer\Enterprise
Trust and LocalComputer\Personal stores respectively.

I've exported the "Test Server" certificate from the LocalComputer\Personal
store and imported it into the CurrentUser\Other People store.

I configured both my web service and client application WSE 2.0 policy
files by:

1. Enable signature and encryption on both request and response message
2. Select user name token as client authentication token
3. Choose the X509 certificate from local machine-personal store (or
current user-other people store for client application)

When the WinForm client tries to access the web service, it raises the
SoapHeaderException: "Server unavailable, please try later -->
System.InvalidOperationException: Private Key is not available"

Maybe this is because the ASP.NET account has no permission to access
the private key, so I used the WSE X.509 Certificate tool,
chose the "Test Server" certificate from the Local Computer/Personal store,
and clicked "View private key file properties".

My questions:

1. Why does the properties dialog only show the General tab? I don't know where
to grant the permission to the ASP.NET account.
(I already unchecked "Use simple file sharing" in Windows Explorer
Tools|Folder Options.)

2. Why is the private key location "C:\Documents and Settings\My
login name" instead of "C:\Documents and Settings\All Users"?

Both the WinForm client and the web service are running on the same WinXP Pro
machine, and the disk is formatted as FAT32.

Please help.

Thanks
JCVoon
