Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

how to load password protected certificates from the X509Store?

Tags:

I am building an ACS protected Azure WCF service that will require clients to authenticate via a certificate.

I would like the client (and the server) to load their respective password certs from the X509Store instead of from the file system.

I am using this code:

private static X509Certificate2 GetCertificate(string thumbprint) {     var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);     certStore.Open(OpenFlags.ReadOnly);      X509Certificate2Collection certCollection = certStore.Certificates.Find(         X509FindType.FindByThumbprint,         thumbprint, false);      certStore.Close();      if (certCollection.Count == 0)     {         throw new System.Security.SecurityException(string.Format(CultureInfo.InvariantCulture, "No certificate was found for thumbprint {0}", thumbprint));     }      return certCollection[0];  }

Problem is, it's not loading the private key which it needs for authentication. I have tried to modify the return statement to this:

return new X509Certificate2(certCollection[0].Export(X509ContentType.Pfx, "password"));

However, this fails with a CryptographicException "The spcecified network password is incorrect".

Edit: The .Export() method works properly if you don't pass the password argument in.

Any help on this?

like image 958
Pete Maroun Avatar asked Sep 13 '12 03:09

Pete Maroun

2 Answers

When you export, the password you provide is the password you want to use for the exported file, it's not the password for the source certificate.

I'm not sure what you can do with X509Store and password-protected certs because the password should be supplied to the X509Certificate constructor and you get already-instantiated objects out of the store.

I think you can just get the raw data from the cert you want and construct a new one with the password you want. For example:

X509Certificate2 cert = new X509Certificate2(certCollection[0].GetRawCertData, password);

I would also suggest you try to use SecureString when dealing with passwords (but that's a different bag of worms...)

like image 72
Peter Ritchie Avatar answered Sep 22 '22 02:09

Peter Ritchie

I used the Export without the 'password' parameter and it worked without issue.

like image 26
Pete Maroun Avatar answered Sep 26 '22 02:09

Pete Maroun
Sign in to Comment

Related questions

How can I add an existing folder structure to my visual studio project (python tools)?
Variable length array in the middle of struct - why this C code is valid for gcc
django logging set context globally per request?
Creating a virtual monitor/virtual display device [closed]
How can I seek to frame No. X with ffmpeg?
Equivalent of -ftree-vectorizer-verbose for clang
scope calling functions inside functions
! [remote rejected] master -> master (pre-receive hook declined) [duplicate]
ADB equivalent for iOS device
Filter Visual Studio 2013 TFS merge to only files that have actually changed
Error handling "Out of Memory Exception" in browser?
How to detect clicks outside of a css modal? [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!