Re: X.509 Unwrap Woes


Hi Joel,

You need to give read permissions over the private keys to ASP.NET.
You can give those permissions using the Certificate tool provided by WSE or
using the tool "winhttpcertcfg.exe".

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

"Joel C." <JoelC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BA3B0E39-4F1E-4FCF-AA39-47812B9B2B00@xxxxxxxxxxxxxxxx
I have created certificates with the following commands:

makecert -cy authority -r -n "CN=Foo.CA" -sr localmachine -ss "Trust"
makecert -cy end -n "CN=Foo.Server.1" -sky exchange -sk "Foo.Server.1 SK" -ss "My" -sr localmachine -in "Foo.CA" -ir localmachine -is "Trust"
makecert -cy end -n "CN=Foo.Client.1" -sky exchange -sk "Foo.Client.1 SK" -ss "My" -sr localmachine -in "Foo.CA" -ir localmachine -is "Trust"


I use the WSE3.0 wizards to enable the features on both the client and the
server. At first I got trust errors, but in the interest of just seeing
things work, I unchecked "verify trust". Having gotten past that, now no
matter what I seem to try, I always get the following error:


System.ApplicationException: WSE841: An error occured processing an outgoing fault response.
---> System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Server was unable to process request.
---> System.Security.Cryptography.CryptographicException: WSE600: Unable to unwrap a symmetric key using the private key of an X.509 certificate. Please check if the account '[machinename]\ASPNET' has permissions to read the private key of certificate with subject name 'CN=Foo.Server.1' and thumbprint 'B4DF9BA97312A30FC113F802F9BD684901C1645D'.
---> System.Security.Cryptography.CryptographicException: WSE593: Unable to decrypt the key. Please check if the process has the right permission to access the private key.
---> System.Security.Cryptography.CryptographicException: Error occurred while decoding OAEP padding.
at System.Security.Cryptography.Utils._DecryptPKWin2KEnh(SafeKeyHandle hPubKey, Byte[] key, Boolean fOAEP, Int32& hr)
at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP)
at Microsoft.Web.Services3.Security.Cryptography.RSAOAEPKeyExchangeFormatter.DecryptKey(Byte[] cipherKey)
--- End of inner exception stack trace ---
at Microsoft.Web.Services3.Security.Cryptography.RSAOAEPKeyExchangeFormatter.DecryptKey(Byte[] cipherKey)
at Microsoft.Web.Services3.Security.EncryptedKey.Decrypt()
--- End of inner exception stack trace ---
at Microsoft.Web.Services3.Security.EncryptedKey.Decrypt()
at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope envelope, String localActor, String serviceActor)
at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)
at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)
at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



Am I creating the certs incorrectly? Is there something I need to do to
open up permissions for ASPNET for something it doesn't have already? Any
help would be greatly appreciated!

Regards,
Joel
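
The permission change recommended in the reply, as an added example that is not part of the original thread or of WSE: it finds the private key file behind the certificate named in the WSE600 error, shows its ACL, and grants Read only to the worker account. Assumptions: an elevated Windows PowerShell 5.1 session, a CAPI (CSP) key as makecert creates, and the MachineKeys path used on Windows Vista / Server 2008 and later.

```powershell
# Added example. Thumbprint and account come from the error text in the post;
# substitute your own certificate and the identity your service runs as.
$thumbprint = 'B4DF9BA97312A30FC113F802F9BD684901C1645D'
$account    = "$env:COMPUTERNAME\ASPNET"

$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert)               { throw "Certificate $thumbprint not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate has no associated private key" }

# CSP machine keys are stored as files under MachineKeys; the file ACL decides
# which accounts may use the key. (Assumed path; CNG keys are stored elsewhere.)
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile   = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $container
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key file not found: $keyFile" }

$acl = Get-Acl -LiteralPath $keyFile
Write-Host "Current ACL on $keyFile"
$acl.Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize |
    Out-Host

# Does the account already hold an Allow entry that includes Read?
$read    = [System.Security.AccessControl.FileSystemRights]::Read
$hasRead = $acl.Access | Where-Object {
    $_.IdentityReference.Value -ieq $account -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}

if ($hasRead) {
    Write-Host "$account already has Read on the key file"
} else {
    # Least privilege: Read is enough to decrypt with the key; do not grant FullControl.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyFile -AclObject $acl
    Write-Host "Granted Read on the key file to $account"
}
```

Restart the ASP.NET worker process after changing the ACL so it reopens the key with the new permissions.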

