X509 certificate not loading private key file on server

I'm using the Google Analytics API and I followed this SO question to set up the OAuth: https://stackoverflow.com/a/13013265/1299363

Here is my OAuth code:

    public void SetupOAuth()
    {
        var Cert = new X509Certificate2(
            PrivateKeyPath,
            "notasecret",
            X509KeyStorageFlags.Exportable);
        var Provider = new AssertionFlowClient(GoogleAuthenticationServer.Description, Cert)
        {
            ServiceAccountId = ServiceAccountUser,
            Scope = ApiUrl + "analytics.readonly"
        };
        var Auth = new OAuth2Authenticator<AssertionFlowClient>(Provider, AssertionFlowClient.GetState);
        Service = new AnalyticsService(Auth);
    }

PrivateKeyPath is the path of the private key file provided by Google API Console. This works perfectly on my local machine, but when I push it up to our test server I get

System.Security.Cryptography.CryptographicException: An internal error occurred. 

with the following stack trace (irrelevant parts removed):

    System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +33
    System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0
    System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +237
    System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) +140
    Metrics.APIs.GoogleAnalytics.SetupOAuth() in <removed>\Metrics\APIs\GoogleAnalytics.cs:36
    Metrics.APIs.GoogleAnalytics..ctor(String PrivateKeyPath) in <removed>\Metrics\APIs\GoogleAnalytics.cs:31

So it appears as if it is having trouble loading the file. I've checked the PrivateKeyPath that is passed in and it is pointing to the correct location.

Any ideas? I don't know if this is an issue with the server, the file, the code or what.

acurcie asked Jan 10 '13 17:01



2 Answers

One of the things that comes to my mind is the identity of your app pool. Make sure that Load User Profile is turned on, otherwise the crypto subsystem does not work.

Wiktor Zychla answered Sep 21 '22 11:09


I'm loading my p12 file with

new X509Certificate2( HostingEnvironment.MapPath(@"~/App_Data/GoogleAnalytics-privatekey.p12"), .... 

I actually got a FileNotFoundException even though File.Exists(filename) returned true.

As @Wiktor Zychla said, it's as simple as enabling Load User Profile.

Here's an image of the setting that needs changing

Just right click on the app pool under 'Application Pools' in IIS and select 'Advanced Settings' and the setting you need is about halfway down.


Tip: I'd recommend commenting your code with this to prevent future time wasted since it's so obscure if you've never come across it before.

    // If this gives FileNotFoundException see
    // http://stackoverflow.com/questions/14263457/
Simon_Weaver answered Sep 22 '22 11:09

Simon_Weaver
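
The Load User Profile setting that both answers point to can also be checked and enabled from PowerShell rather than through the IIS Manager dialog. This is an added example, not code from either answer; it assumes an elevated session on the server, the WebAdministration module that ships with IIS, and a placeholder pool name (`MetricsAppPool`).

```powershell
# Added example: report and enable "Load User Profile" on one IIS application pool.
# Assumptions: elevated PowerShell, WebAdministration module available,
# and $PoolName replaced with the pool that hosts the failing site.
Import-Module WebAdministration

$PoolName = 'MetricsAppPool'            # placeholder name, not from the page
$PoolPath = "IIS:\AppPools\$PoolName"

if (-not (Test-Path $PoolPath)) {
    # List what does exist so a mistyped pool name is easy to spot.
    $known   = (Get-ChildItem IIS:\AppPools).Name -join ', '
    $message = "Application pool '$PoolName' not found. Pools on this server: $known"
    throw $message
}

$pool     = Get-Item $PoolPath
$identity = $pool.processModel.identityType
$loaded   = [bool]$pool.processModel.loadUserProfile
Write-Host "Pool '$PoolName' runs as $identity; loadUserProfile = $loaded"

if (-not $loaded) {
    Set-ItemProperty $PoolPath -Name processModel.loadUserProfile -Value $true

    # Recycle so the worker process restarts with the new setting.
    if ((Get-WebAppPoolState -Name $PoolName).Value -eq 'Started') {
        Restart-WebAppPool -Name $PoolName
    }

    $now = [bool](Get-Item $PoolPath).processModel.loadUserProfile
    Write-Host "loadUserProfile is now $now"
}
```

Running it before and after a deployment gives a quick record of which pools load a profile, which helps when the same certificate code works on one server and fails on another.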