X.509 certificate can't find with "FindBySubjectName"

After a brutal struggle with WCF Security, I think I'm at the final stage now and can see the light.

I've got a client certificate installed on my server, and it is now, as advised, in the Trusted People folder of the certificate store.

However, when I try and read the certificate application -> service, I get this error:

Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'Forename Surname'.

With the "Forename Surname" being the "Issued to" part of my certificate. In all tutorials I have seen, this is just one word; is this the problem? I received my certificate from my CA with these two words, with a space.

Anyone ever come across this, is there something I'm blatantly doing wrong?

Update, cert can be seen here:

[image: screenshot of the certificate]

Update:

It gets even more strange:

I installed Visual Studio on my web server, and used the following code to pick up the cert by Thumbprint:

var store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var certs = store.Certificates.Find(X509FindType.FindByThumbprint, "71995159BFF803D25BFB691DEF7AF625D4EE6DFB", false);

This actually RETURNS a valid result. When I put this information into the web.config of my service/client though, I still get the error.

Chris Dixon asked Nov 06 '12 10:11



1 Answer

I think you installed the certificate in the Trusted People location and are searching in the store named My.

var store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var certs = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, certificateSubject, false);

Also, there are two search terms, FindBySubjectName and FindBySubjectDistinguishedName; the latter is more relevant with keywords, and the first one will find anything with the search keywords.

So basically you need to look for the Subject, and if you use the above code then your search string would be: "CN=urs.microsoft.com, O=DO_NOT_TRUST, OU=Created by http://fiddler2.com"

[image: Certificate properties]

indiPy answered Sep 22 '22 03:09
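A diagnostic in the spirit of this answer, as an added example that is not part of the original thread: it searches every standard store name in both store locations for a subject-name match and prints the store, the full subject DN and the thumbprint, so the store name and location in the configuration can be compared with where the certificate actually is. The class name `CertLocator` and the command-line argument are assumptions of the example; "Forename Surname" is the placeholder from the question.

```csharp
using System;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (hypothetical helper): list every store that holds a matching certificate.
static class CertLocator
{
    static void Main(string[] args)
    {
        // Placeholder from the question; pass the real "Issued to" text as the first argument.
        string subject = args.Length > 0 ? args[0] : "Forename Surname";

        // StoreLocation.CurrentUser is resolved for the account running this process,
        // so run the check under the same account as the service.
        Console.WriteLine("Running as: " + Environment.UserName);

        foreach (StoreLocation location in Enum.GetValues(typeof(StoreLocation)))
        foreach (StoreName name in Enum.GetValues(typeof(StoreName)))
        {
            var store = new X509Store(name, location);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

                // validOnly = false, as in the snippets above: a certificate that fails
                // chain validation is still listed instead of being filtered out.
                X509Certificate2Collection hits =
                    store.Certificates.Find(X509FindType.FindBySubjectName, subject, false);

                foreach (X509Certificate2 cert in hits)
                {
                    Console.WriteLine("{0}/{1}", location, name);
                    // cert.Subject is the full DN, the string FindBySubjectDistinguishedName expects.
                    Console.WriteLine("  Subject DN : {0}", cert.Subject);
                    Console.WriteLine("  Thumbprint : {0}", cert.Thumbprint);
                    Console.WriteLine("  Expires    : {0:u}", cert.NotAfter);
                    Console.WriteLine("  PrivateKey : {0}", cert.HasPrivateKey);
                }
            }
            catch (Exception ex) when (ex is CryptographicException || ex is SecurityException)
            {
                // Store does not exist or is not readable by this account; skip it.
            }
            finally { store.Close(); }
        }
    }
}
```

If the only hit is `CurrentUser/TrustedPeople`, a lookup configured with StoreName 'My' fails with the error quoted in the question.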