// cert is an EF Entity and
// cert.CertificatePKCS12 is a byte[] with the certificate.
var certificate = new X509Certificate(cert.CertificatePKCS12, "SomePassword");
When loading a certificate from our database, on our staging server (Windows 2008 R2/IIS7.5) we get this exception:
System.Security.Cryptography.CryptographicException: An internal error occurred.
   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
NOTE: This issue does not happen locally (Windows 7/Cassini).
Any insight is greatly appreciated.
X509Certificate2(String, String, X509KeyStorageFlags) Initializes a new instance of the X509Certificate2 class using a certificate file name, a password used to access the certificate, and a key storage flag. X509Certificate2(String, SecureString, X509KeyStorageFlags)
The X509Chain object has a global error status called ChainStatus that should be used for certificate validation. The rules governing certificate validation are complex, and it is easy to oversimplify the validation logic by ignoring the error status of one or more of the elements involved.
X509Store(StoreLocation) Initializes a new instance of the X509Store class using the personal certificate store from the specified store location value. X509Store(StoreName) Initializes a new instance of the X509Store class using the specified store name from the current user's certificate stores.
Defines where and how to import the private key of an X.509 certificate. This enumeration supports a bitwise combination of its member values.
Turns out there's a setting in the IIS Application Pool configuration (Application Pools > Advanced Settings) to load the user profile for the application pool identity user. When set to false, the key containers aren't accessible.
So just set the Load User Profile option to True.
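The following is an added example, not code from the original question or answer. It ties together the pieces referenced above: it loads the PKCS#12 blob from the question with an explicit X509KeyStorageFlags value, and then checks the X509Chain's global ChainStatus and each element's status instead of trusting a single return value, as the X509Chain documentation excerpt advises. The method name LoadAndValidate and the parameter names pfxBytes and password are assumptions. Using MachineKeySet is a commonly used alternative to enabling Load User Profile, because it places the imported private key in the machine key store rather than in the application pool identity's user profile; that alternative is stated here as general knowledge, not as something the original answer recommends.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class CertificateLoader
{
    // Loads a PKCS#12 blob (such as the CertificatePKCS12 column from the question)
    // and validates the resulting certificate against the Windows chain engine.
    // Method and parameter names are assumptions, not identifiers from the post.
    public static X509Certificate2 LoadAndValidate(byte[] pfxBytes, string password)
    {
        // MachineKeySet imports the private key into the machine key store, so the
        // load does not depend on the application pool identity's user profile
        // being loaded. Without a flag the default is the current user's store.
        var cert = new X509Certificate2(
            pfxBytes,
            password,
            X509KeyStorageFlags.MachineKeySet);

        if (!cert.HasPrivateKey)
        {
            throw new CryptographicException("PKCS#12 blob contained no private key.");
        }

        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

        bool built = chain.Build(cert);

        // Report the global ChainStatus as well as the status of every element,
        // so that an error on an intermediate or root is not silently ignored.
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            Console.WriteLine("Chain: {0} - {1}", status.Status, status.StatusInformation.Trim());
        }
        foreach (X509ChainElement element in chain.ChainElements)
        {
            foreach (X509ChainStatus status in element.ChainElementStatus)
            {
                Console.WriteLine("{0}: {1}", element.Certificate.Subject, status.Status);
            }
        }

        if (!built)
        {
            throw new CryptographicException("Certificate chain validation failed.");
        }

        return cert;
    }
}
```

Call it with the bytes read from the database and the PKCS#12 password. If the load itself throws "An internal error occurred" under IIS even with MachineKeySet, the application pool identity typically lacks access to the machine key store, which is a permissions problem rather than a certificate problem.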