X509Certificate.CreateFromCertFile - the specified network password is not correct

Question

I have a .NET application that I want to use as a client to call an SSL SOAP web service. I have been supplied with a valid client certificate called foo.pfx. There is a password on the certificate itself.

I've located the certificate at the following location: C:\certs\foo.pfx

To call the web service, I need to attach the client certificate. Here's the code:

public X509Certificate GetCertificateFromDisk(){     try{                      string certPath = ConfigurationManager.AppSettings["MyCertPath"].ToString();         //this evaluates to "c:\\certs\\foo.pfx". So far so good.         X509Certificate myCert = X509Certificate.CreateFromCertFile(certPath);        // exception is raised here! "The specified network password is not correct"          return cert;       }     catch (Exception ex){             throw;      } } 

It sounds like the exception is around the .NET application trying to read the disk. The method CreateFromCertFile is a static method that should create a new instance of X509Certificate. The method isn't overridden, and has only one argument: the path.

When I inspect the Exception, I find this:

_COMPlusExceptionCode = -532459699 Source=mscorlib 

Question: does anyone know what the cause of the exception "The specified network password is not correct" ?

Answer 1

Turns out that I was trying to create a certificate from the .pfx instead of the .cer file.

Lesson learned...

• .cer files are an X.509 certificate in binary form. They are DER encoded.
• .pfx files are container files. Also DER encoded. They contain not only certificates, but also private keys in encrypted form.