Re: WSE 3.0 - Correct placement/setting/permission for x509 certificates
- From: "Kyle Jedrusiak" <kjedrusiak@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 27 Jul 2007 12:05:32 -0400
Here's the error out of my App Log:
Event Type: Error
Event Source: Microsoft WSE 3.0
Event Category: None
Event ID: 0
Date: 07/25/2007
Time: 09:16:27 AM
User: N/A
Computer: GRV8H51
Description:
System.ApplicationException: WSE841: An error occured processing an outgoing
fault response. ---> System.Web.Services.Protocols.SoapException:
System.Web.Services.Protocols.SoapException: Server was unable to process
request. ---> System.Security.Cryptography.CryptographicException: WSE600:
Unable to unwrap a symmetric key using the private key of an X.509
certificate. Please check if the account 'GRV8H51\ASPNET' has permissions to
read the private key of certificate with subject name
'CN=apws.princetoninformation.com, OU=Terms of use at www.verisign.com/rpa
(c)05, OU=IT, O="Princeton Information, Ltd.", L=Edison, S=New Jersey, C=US'
and thumbprint '1F381EE83085F6816458B59D7B90EF1C9DC9E8A1'. --->
System.Security.Cryptography.CryptographicException: WSE593: Unable to
decrypt the key. Please check if the process has the right permission to
access the private key. --->
System.Security.Cryptography.CryptographicException: Bad Key.
at
System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32
hr)
at System.Security.Cryptography.Utils._DecryptKey(SafeKeyHandle hPubKey,
Byte[] key, Int32 dwFlags)
at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[]
rgb, Boolean fOAEP)
at
Microsoft.Web.Services3.Security.Cryptography.RSA15KeyExchangeFormatter.DecryptKey(Byte[]
cipherKey)
--- End of inner exception stack trace ---
at
Microsoft.Web.Services3.Security.Cryptography.RSA15KeyExchangeFormatter.DecryptKey(Byte[]
cipherKey)
at Microsoft.Web.Services3.Security.EncryptedKey.Decrypt()
--- End of inner exception stack trace ---
at Microsoft.Web.Services3.Security.EncryptedKey.Decrypt()
at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope
envelope, String localActor, String serviceActor)
at
Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope
envelope)
at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope
requestEnvelope)
at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage
message)
at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type,
HttpContext context, HttpRequest request, HttpResponse response, Boolean&
abortProcessing)
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
"Kyle Jedrusiak" <kjedrusiak@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23k$IMMszHHA.5408@xxxxxxxxxxxxxxxxxxxxxxx
I have a web service and a console app.
My initial WSE 3.0 configuration is the same as that of the MS P&P
QuickStart examples.
With this configuration the console app can call the web service and it
works as it's supposed to.
We then purchased a real x509 certificate from VeriSign.
I imported it into the same certificate folders (again following the
QuickStart examples.)
I'm trying to use the real x509 for the web service and the key for the
QuickStart examples for the client.
(This will change in production as the partner company that will be using
the web service will provide their own x509 certificate.)
I keep getting errors about ASPNET not having access to the certificate.
I've gone to the registry and given permission to ASPNET, Local Service,
Network Service to the Machine\My folder.
I've done the same on the file system for the folder from where I imported
the certificate.
I've tried using the winhttpcertcfg.exe tool. That gives me...
Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.
This is the last error I've gotten.
WSE841: An error occured processing an outgoing fault response. --->
System.Web.Services.Protocols.SoapException:
System.Web.Services.Protocols.SoapException: Server was unable to process
request. ---> System.Security.Cryptography.CryptographicException: WSE600:
Unable to unwrap a symmetric key using the private key of an X.509
certificate. Please check if the account 'GRV8H51\ASPNET' has permissions
to read the private key of certificate with subject name
'CN=apws.princetoninformation.com, OU=Terms of use at www.verisign.com/rpa
(c)05, OU=IT, O="Princeton Information, Ltd.", L=Edison, S=New Jersey,
C=US' and thumbprint '1F381EE83085F6816458B59D7B90EF1C9DC9E8A1'. --->
System.Security.Cryptography.CryptographicException: WSE593: Unable to
decrypt the key. Please check if the process has the right permission to
access the private key. --->
System.Security.Cryptography.CryptographicException: Bad Key.
I've been playing with this for DAYS!!!! It just shouldn't be this hard.
Nothing I've found on the net gives me the explicit and correct way to
make it work.
Help!
Kyle!
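
The WSE600 message asks whether the named account can read the certificate's private key; for a CSP key that access is governed by the ACL on the key container file under MachineKeys. As an added example (not part of the original post), the PowerShell below finds that file for the thumbprint quoted in the error and reports whether the account has an explicit read entry. It assumes a CSP-backed RSA key in LocalMachine\My and an elevated session; the function names are hypothetical.

```powershell
# Added example: locate a machine-store certificate's private-key file and check its ACL.
# Assumes a CSP-backed RSA key in LocalMachine\My and an elevated (administrator) session.
function Get-PrivateKeyFile {
    param([string]$Thumbprint)
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key in LocalMachine\My."
    }
    $rsa = $cert.PrivateKey -as [System.Security.Cryptography.RSACryptoServiceProvider]
    if ($null -eq $rsa) { throw 'Private key is not a CSP RSA key; this check does not apply.' }
    $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    # Machine key containers live under the All Users profile; the sub-path differs by OS version.
    $dirs = @(
        (Join-Path $env:ALLUSERSPROFILE 'Application Data\Microsoft\Crypto\RSA\MachineKeys'),
        (Join-Path $env:ALLUSERSPROFILE 'Microsoft\Crypto\RSA\MachineKeys')
    )
    foreach ($dir in $dirs) {
        $path = Join-Path $dir $name
        if (Test-Path -Path $path) { return $path }
    }
    throw "Key container file '$name' not found under MachineKeys."
}

function Test-AccountCanReadKey {
    param([string]$KeyFile, [string]$Account)
    $read = [System.Security.AccessControl.FileSystemRights]::Read
    # Only explicit entries for the named account are matched; group membership is not resolved.
    $entries = @((Get-Acl -Path $KeyFile).Access |
        Where-Object { $_.IdentityReference.Value -eq $Account })
    $allow = @($entries | Where-Object {
        $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $read) -eq $read })
    $deny = @($entries | Where-Object {
        $_.AccessControlType -eq 'Deny' -and ($_.FileSystemRights -band $read) -ne 0 })
    New-Object PSObject -Property @{
        KeyFile   = $KeyFile
        Account   = $Account
        AllowRead = ($allow.Count -gt 0)
        DenyRead  = ($deny.Count -gt 0)
    }
}

# Thumbprint and account are the ones quoted in the WSE600 error text.
$keyFile = Get-PrivateKeyFile -Thumbprint '1F381EE83085F6816458B59D7B90EF1C9DC9E8A1'
Test-AccountCanReadKey -KeyFile $keyFile -Account "$env:COMPUTERNAME\ASPNET"
```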