RE: Bug in X509Certificate.GetSerialNumber and X509Certificate.GetSerialNumberString


From: Peter Huang (v-phuang_at_online.microsoft.com)
Date: 02/23/05


Date: Wed, 23 Feb 2005 09:31:27 GMT

Hi

Based on my research, I think this is a difference in the order in which
Win32 Explorer and the .NET Framework handle the serial number byte array.
I opened a test certificate and found that the certificate's
byte array order is the same as the output of .NET's GetSerialNumber method. It
seems that Explorer has done the reversal in advance. Based on my
knowledge, the serial number is used to identify the certificate, which is
similar to a GUID, so usually we use it to compare whether two certs are identical.
So in the .NET world, we do not need to do the reversal.

However, if you want to show the serial number the same way Explorer does,
we can just do the reversal in .NET as below.

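// Requires: using System; using System.Security.Cryptography.X509Certificates;
// The path to the certificate.
string Certificate = @"c:\test.cer";
// Load the certificate into an X509Certificate object.
X509Certificate cert = X509Certificate.CreateFromCertFile(Certificate);
// Get the value.
byte[] results = cert.GetSerialNumber();
// Reverse the byte order so it matches what Explorer displays.
Array.Reverse(results);
// Display the value to the console, two hex digits per byte so that
// bytes below 0x10 keep their leading zero.
foreach (byte b in results)
{
    Console.Write("{0:x2} ", b);
}
Console.WriteLine();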

If you still have any concerns, please feel free to post here.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
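
Added example (not part of the original post and not Microsoft's code): a C# helper that checks whether the array returned by GetSerialNumber() matches a serial number copied from the Explorer certificate dialog, using the reversal described in the post. The class and method names are hypothetical, and the sample bytes are constructed rather than taken from a real certificate.

```csharp
using System;
using System.Text;

static class SerialNumberDisplay
{
    // Format the array returned by X509Certificate.GetSerialNumber() in the
    // order the post says Explorer shows it: reversed, two hex digits per byte.
    public static string ToExplorerOrder(byte[] serialFromDotNet)
    {
        byte[] copy = (byte[])serialFromDotNet.Clone(); // leave the caller's array untouched
        Array.Reverse(copy);
        var sb = new StringBuilder(copy.Length * 2);
        foreach (byte b in copy)
            sb.Append(b.ToString("x2")); // "x2" keeps the leading zero of bytes below 0x10
        return sb.ToString();
    }

    // Reduce a serial number typed or pasted from a dialog ("61 0A:00 9c")
    // to bare lowercase hex digits; reject anything that is not hex.
    public static string NormalizeDisplayed(string displayed)
    {
        var sb = new StringBuilder();
        foreach (char c in displayed)
        {
            if (c == ' ' || c == ':' || c == '\t') continue; // common separators
            if (!Uri.IsHexDigit(c))
                throw new FormatException("Not a hex digit: " + c);
            sb.Append(char.ToLowerInvariant(c));
        }
        if (sb.Length % 2 != 0)
            throw new FormatException("Odd number of hex digits.");
        return sb.ToString();
    }

    // True when the displayed serial and the .NET array denote the same value.
    public static bool Matches(byte[] serialFromDotNet, string displayed)
    {
        return ToExplorerOrder(serialFromDotNet) == NormalizeDisplayed(displayed);
    }

    static void Main()
    {
        // Constructed sample standing in for cert.GetSerialNumber().
        byte[] fromDotNet = { 0x9c, 0x00, 0x0a, 0x61 };
        Console.WriteLine(ToExplorerOrder(fromDotNet));
        Console.WriteLine(Matches(fromDotNet, "61 0A 00 9C")); // Explorer-order input
        Console.WriteLine(Matches(fromDotNet, "9c 00 0a 61")); // unreversed input
    }
}
```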


