
X509Certificate - Keyset does not exist

I have a WinForms application that consumes a WCF service and passes a certificate as a parameter to a function:

    mySvcClient.SendDocument(cert.Export(X509ContentType.SerializedCert, "password"));
    ...

In the WCF service, I recreate the certificate from the array of bytes:

    public void SendDocument(byte[] binaryCert)
    {
        X509Certificate2 cert = new X509Certificate2(binaryCert, "password");
        ...

But when using the certificate to sign an XML, I got the error "Keyset does not exist":

    if (cert.HasPrivateKey) // WORKS!!!
    {
        signedXml.SigningKey = cert.PrivateKey; // THROW "keyset does not exist" EXCEPTION
        ...

On my computer, the application works 100%! But on the web server, I got this error!

The question is: even with the X509Certificate2 recreated from an array of bytes, do I need some special permission to access the private key?

Thank you!

BrunoXP asked Jun 17 '11 21:06


People also ask

How do I fix keyset does not exist?

I was getting the error CryptographicException 'Keyset does not exist' when I ran the MVC application. The solution was to give access to the personal certificates to the account that the application pool is running under. In my case, adding IIS_IUSRS and choosing the right location resolved this issue.

How do I fix the keyset does not exist in CryptographicException?

Step 1: Go to the folder (C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA).
Step 2: Open the properties for the MachineKeys folder and go to the Security tab.
Step 3: Provide Read & execute and List folder contents permission for the IUser and Network Service accounts.


2 Answers

If you are using Windows Server 2008 or Windows 7, then you need permission to read the private key.

  1. Use the FindPrivateKey tool to find the path. For example:

     FindPrivateKey My LocalMachine -n "CN=MyCert" -a

     It returns the path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\[File Name]

  2. Go to that path and open the file properties.

  3. Go to the Security tab.

  4. Click "Edit", then "Add".

  5. In the dialog that opens, write: IIS AppPool\[your application pool name] and click OK.

Now your application pool has permission to read this private key.

Vano Maisuradze answered Oct 15 '22 01:10
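
The steps in the answer above, written as a script; this is an added example, not part of the original answer. It assumes Windows PowerShell 5.1 in an elevated session and an RSA key held by a legacy CryptoAPI (CSP) provider; the function name `Grant-PrivateKeyRead` and the pool name `MyAppPool` are hypothetical.

```powershell
# Added example. Assumed names (not from the page): Grant-PrivateKeyRead, 'MyAppPool'.
# Assumes Windows PowerShell 5.1, an elevated session, and a CSP-stored RSA key,
# which is the kind of key file kept under the MachineKeys folder.
function Grant-PrivateKeyRead {
    param(
        [Parameter(Mandatory)] [string] $Subject,      # e.g. 'CN=MyCert'
        [Parameter(Mandatory)] [string] $AppPoolName   # e.g. 'MyAppPool'
    )

    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $Subject } |
        Select-Object -First 1
    if (-not $cert) { throw "No certificate with subject '$Subject' in LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate '$Subject' has no private key." }

    # Only CSP keys expose the container file name; a CNG key makes the getter
    # throw or return another type, and is not handled by this example.
    $key = $cert.PrivateKey
    if ($key -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
        throw 'Private key is not a CSP RSA key; this example does not cover it.'
    }
    $fileName = $key.CspKeyContainerInfo.UniqueKeyContainerName
    $keyPath  = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$fileName"
    if (-not (Test-Path -LiteralPath $keyPath)) { throw "Key file not found: $keyPath" }

    # Grant Read only, and only to the one application pool identity.
    $identity = "IIS AppPool\$AppPoolName"
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
    $acl = Get-Acl -LiteralPath $keyPath
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyPath -AclObject $acl

    # Return the resulting entries for that identity so the change can be checked.
    (Get-Acl -LiteralPath $keyPath).Access |
        Where-Object { $_.IdentityReference.Value -eq $identity } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

# Constructed sample values; replace with the real subject and pool name.
Grant-PrivateKeyRead -Subject 'CN=MyCert' -AppPoolName 'MyAppPool'
```

The returned rows should show a single Allow entry with Read rights for the application pool identity on that one key file.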


I have faced this issue; my certificates had private keys, but I was getting this error ("Keyset does not exist").

Cause: Your web site is running under the "Network services" account or has fewer privileges.

Solution: Change the application pool identity to "Local System", reset IIS and check again. If it starts working, it is a permission/less-privilege issue; you can then impersonate using other accounts too.

Vaibhav.Inspired answered Oct 15 '22 01:10