
x509 certificate not recognized in Windows server 2008 R2

I got one digital certificate from NeutralUS CA. I have installed it in my local system. I found the installed certificate under Personal Certificates in MMC, and my application validated with this certificate. I just moved my application to our production server and installed the same certificate. Here also I can see my certificate under Personal Certificates in MMC on Windows Server 2008 R2. But when I am trying to load the certificate by serial number, it is showing that the store's certificate count is zero. Could you please tell me what the reason would be? Why is it not recognized from the Personal folder? I have only one certificate in the Personal folder.

var clientCertStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);

// Combine flags with |; OpenExistingOnly & ReadOnly evaluates to 0, which is plain ReadOnly
clientCertStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
base.Data.ErrorLog.Append("Certificates Count : " + clientCertStore.Certificates.Count);

I just log the data into one text file... it is giving clientCertStore.Certificates.Count as 0.

I got one digital certificate from NeutralUS CA. I have installed it in my local system.

What is installed? Is the end entity cert installed and trusted? Or is it the NeutralUS CA?

I could not find the NeutralUS CA for download on the net. That's unusual.


Could you please tell me what the reason would be? Why is it not recognized from the Personal folder?

I suspect it's a problem with accounts (but it's just a guess). What account was the certificate installed under, and what account is the program running under?


I really despise how difficult Java and .Net make it to use a damn certificate. Here's the code I use to avoid wasting time with those damn stores. It allows you to load directly from the filesystem or an app bundle. It also does not use the hundreds of CAs and subordinates that Windows carries around.

using System;
using System.Diagnostics;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static bool VerifyServerCertificate(object sender, X509Certificate certificate,
    X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    try
    {
        // Load the CA certificate directly from the filesystem
        String CA_FILE = "ca-cert.der";
        X509Certificate2 ca = new X509Certificate2();
        ca.Import(CA_FILE);

        X509Chain chain2 = new X509Chain();
        chain2.ChainPolicy.ExtraStore.Add(ca);

        // Check all properties
        chain2.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

        // This setup does not have revocation information
        chain2.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

        // Are there any failures from building the chain?
        bool built = chain2.Build(new X509Certificate2(certificate));
        if (built && chain2.ChainStatus.Length == 0)
            return true;

        // Verify every status entry is NoError, not only the first one
        bool result = built;
        foreach (X509ChainStatus status in chain2.ChainStatus)
        {
            if (status.Status != X509ChainStatusFlags.NoError)
                result = false;
        }
        Debug.Assert(result == true);

        return result;
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }

    // Any exception means the certificate is rejected
    return false;
}

And I still have not figured out how to set the original X509Chain chain that comes in as a parameter to the X509Chain chain2 that I want to use before the callback VerifyServerCertificate is invoked.
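
A hardened variant of the callback above, as an added example (not the answer author's code): `ExtraStore` only supplies candidate certificates for path building and does not limit which roots are trusted, so this version also requires the built chain to end at the certificate in `ca-cert.der` and rejects host name mismatches. `PinnedCaValidator` is a hypothetical name, and `ca-cert.der` is assumed to hold the self-signed root.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PinnedCaValidator // hypothetical name, not from the original answer
{
    // Assumption: same DER file as in the answer, containing the self-signed root CA.
    const string CaFile = "ca-cert.der";

    public static bool Validate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Host name matching is reported by the TLS stack, not by X509Chain, so honour it here.
        const SslPolicyErrors fatal = SslPolicyErrors.RemoteCertificateNameMismatch |
                                      SslPolicyErrors.RemoteCertificateNotAvailable;
        if (certificate == null || (sslPolicyErrors & fatal) != 0)
            return false;

        try
        {
            var pinnedCa = new X509Certificate2(CaFile);
            var pinnedChain = new X509Chain();
            pinnedChain.ChainPolicy.ExtraStore.Add(pinnedCa);
            pinnedChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // as in the answer
            // Tolerate only a root that is absent from the Windows trust store;
            // expiry, bad signatures and other chain errors still fail the build.
            pinnedChain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;

            if (!pinnedChain.Build(new X509Certificate2(certificate)))
                return false;

            // A successful build says the chain is well formed, not which root it ends at.
            // Compare the last element byte for byte with the pinned CA.
            X509ChainElementCollection elements = pinnedChain.ChainElements;
            X509Certificate2 root = elements[elements.Count - 1].Certificate;
            return root.RawData.SequenceEqual(pinnedCa.RawData);
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
            return false; // fail closed on any error
        }
    }
}
```

The method matches the `RemoteCertificateValidationCallback` delegate, so it can be assigned to `ServicePointManager.ServerCertificateValidationCallback` or passed to the `SslStream` constructor.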
