I know hardly anything about certificates, with regards that there's a CA, public and private key, and I'm learning as I go. I am creating an SSO login using SAML 2, which I have working with the exception of adding the <Signature> element.
Creating the certificate:
I have a copy of makecert.exe and pvk2pfx.exe in a directory. I open cmd and type the following:
    makecert -r -pe -n "CN=Test Cert" -sky exchange -sv testcert.pvk testcert.cer
A dialog box pops up, asking for a password and confirm password, which I enter. Another dialog box pops up asking for the password (I'm assuming this is the same one I entered prior, which I have been doing). This creates a testcert.cer in the same directory.
I then type this into cmd:
    pvk2pfx -pvk testcert.pvk -spc testcert.cer -pfx testcert.pfx
EDIT: It asks me for a password. I enter the same password (private key) that I used when creating the cer.
It creates a pfx file in the directory.
Here's where I am confused. If I import the cer file into MMC, I can access it:
    X509Certificate2 cert = null;
    // Look up the certificate by subject name in the current user's store.
    var store = new X509Store(StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    var storeCollection = store.Certificates.Find(X509FindType.FindBySubjectName, "Test Cert", false);
    if (storeCollection.Count == 1)
    {
        cert = storeCollection[0];
    }
    if (cert == null)
    {
        throw new ArgumentNullException("Certificate", "No certificate found.");
    }
    store.Close();
However, when I do this, the private key (property) is null. I read that the private key is in the pfx file. So, instead of accessing the store, I do this:
privateKey is the private key that I used when creating the certificate using makecert.exe
    X509SigningCredentials clientSigningCredentials = new X509SigningCredentials(
        new X509Certificate2(@"c:\directory\testcert.pfx", privateKey, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable));
I receive an error: The specified network password is not correct.
I also attempt to import the pfx file into MMC, instead of the cer file. It asks me for a password. I put the password in that I used to create the certificate using makecert.exe. It ALWAYS tells me that the password is incorrect.
What am I doing wrong?
I believe that the makecert and pvk2pfx was somehow incorrect. I know this isn't an answer, but I found this nifty little tool:
Basically did the same thing, but when I viewed the certificate it had the:
You have a private key that corresponds to this certificate
The other testcert.cer did not have this.
Now the code
    X509SigningCredentials clientSigningCredentials = new X509SigningCredentials(
        new X509Certificate2(@"c:\directory\testcert.pfx", privateKey, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable));
comes back w/ no issues, and my SAML Assertion is good to go.
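Added example, not part of the original question or answer: a console program showing why a certificate loaded from .cer data has no private key while the same certificate loaded from .pfx data does, and how a wrong PFX password surfaces. It assumes .NET Framework 4.7.2+ or .NET Core 2.0+ and uses CertificateRequest to build the test certificate in memory in place of makecert; the class name and passwords are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class CerVersusPfx
{
    static void Main()
    {
        const string password = "constructed-demo-password"; // constructed sample value

        // Self-signed test certificate built in memory (assumption: replaces makecert here).
        using (RSA rsa = RSA.Create(2048))
        {
            var request = new CertificateRequest(
                "CN=Test Cert", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 original = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(30)))
            {
                // .cer data holds only the certificate; .pfx data also holds the private key.
                byte[] cerBytes = original.Export(X509ContentType.Cert);
                byte[] pfxBytes = original.Export(X509ContentType.Pfx, password);

                using (var fromCer = new X509Certificate2(cerBytes))
                using (var fromPfx = new X509Certificate2(pfxBytes, password))
                {
                    Console.WriteLine("from .cer HasPrivateKey = " + fromCer.HasPrivateKey);
                    Console.WriteLine("from .pfx HasPrivateKey = " + fromPfx.HasPrivateKey);

                    // Check for the key before handing the certificate to signing code.
                    if (!fromPfx.HasPrivateKey)
                        throw new InvalidOperationException("No private key; cannot sign.");
                    using (RSA key = fromPfx.GetRSAPrivateKey())
                    {
                        byte[] sig = key.SignData(new byte[] { 1, 2, 3 },
                            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                        Console.WriteLine("signature bytes = " + sig.Length);
                    }
                }

                // A PFX opened with the wrong password fails with CryptographicException.
                try { new X509Certificate2(pfxBytes, "wrong-password").Dispose(); }
                catch (CryptographicException ex)
                {
                    Console.WriteLine("wrong PFX password: " + ex.GetType().Name);
                }
            }
        }
    }
}
```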