
Signing Credentials - X509 Certificate with Private Key - SAML2

I know hardly anything about certificates, with regard to there being a CA, public and private key, and I'm learning as I go. I am creating an SSO login using SAML 2, which I have working with the exception of adding the <Signature> element.

Creating the certificate:

I have a copy of makecert.exe and pvk2pfx.exe in a directory. I open cmd and type the following:

makecert -r -pe -n "CN=Test Cert" -sky exchange -sv testcert.pvk testcert.cer

A dialog box pops up, asking for a password and confirm password, which I enter. Another dialog box pops up asking for the password (I'm assuming this is the same one I entered prior, which I have been doing). This creates a testcert.cer in the same directory.

I then type this into cmd

pvk2pfx -pvk testcert.pvk -spc testcert.cer -pfx testcert.pfx

EDIT: It asks me for a password. I enter the same password (private key) that I used when creating the cer.

It creates a pfx file in the directory.


Here's where I am confused. If I import the cer file into MMC, I can access it:

        X509Certificate2 cert = null;

        var store = new X509Store(StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);

        var storeCollection = store.Certificates.Find(X509FindType.FindBySubjectName, "Test Cert", false);
        if (storeCollection.Count == 1)
        {
            cert = storeCollection[0];
        }

        if (cert == null)
        {
            throw new ArgumentNullException("Certificate", "No certificate found.");
        }

        store.Close();

However, when I do this, the private key (property) is null. I read that the private key is in the pfx file. So, instead of accessing the store, I do this:

privateKey is the private key that I used when creating the certificate using makecert.exe

        // privateKey holds the password entered for makecert.exe
        X509SigningCredentials clientSigningCredentials = new X509SigningCredentials(
            new X509Certificate2(@"c:\directory\testcert.pfx", privateKey, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable));

I receive an error: The specified network password is not correct.

I also attempt to import the pfx file into MMC, instead of the cer file. It asks me for a password. I put in the password that I used to create the certificate using makecert.exe. It ALWAYS tells me that the password is incorrect.

What am I doing wrong?

I believe that the makecert and pvk2pfx steps were somehow incorrect. I know this isn't an answer, but I found this nifty little tool:

PluralSight's Self-Cert

Basically did the same thing, but when I viewed the certificate it had the:

You have a private key that corresponds to this certificate

The other testcert.cer did not have this.

Now the code

        X509SigningCredentials clientSigningCredentials = new X509SigningCredentials(
            new X509Certificate2(@"c:\directory\testcert.pfx", privateKey, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable));

comes back w/ no issues, and my SAML Assertion is good to go.
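As an added example (not code from either post), here is the check both posts circle around: load the file, confirm a private key actually came with it (the .cer from makecert never carries one, the .pfx does), and only then build the signing credentials. The path and the PFX password are placeholders; `LoadForSigning` and `BuildCredentials` are names chosen here.

```csharp
using System;
using System.IdentityModel.Tokens;   // X509SigningCredentials (System.IdentityModel.dll)
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SamlSigningKeyCheck
{
    // Load a certificate from disk and verify that a private key travelled with it.
    // A .cer holds only the public certificate, so HasPrivateKey is false for it;
    // the .pfx written by pvk2pfx carries the key, unlocked by the PFX password.
    public static X509Certificate2 LoadForSigning(string path, string pfxPassword)
    {
        X509Certificate2 cert;
        try
        {
            cert = new X509Certificate2(path, pfxPassword,
                X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
        }
        catch (CryptographicException ex)
        {
            // "The specified network password is not correct" surfaces here when the
            // password does not match the one protecting the PFX.
            throw new InvalidOperationException("Could not open " + path + ": " + ex.Message, ex);
        }

        if (!cert.HasPrivateKey)
        {
            // Same condition MMC reports as "You have a private key that corresponds
            // to this certificate" being absent: no <Signature> can be produced.
            throw new InvalidOperationException(path + " has no private key; use the .pfx.");
        }
        return cert;
    }

    public static X509SigningCredentials BuildCredentials(string pfxPath, string pfxPassword)
    {
        return new X509SigningCredentials(LoadForSigning(pfxPath, pfxPassword));
    }

    static void Main()
    {
        // Placeholder path and password; substitute the PFX produced by pvk2pfx.
        var creds = BuildCredentials(@"c:\directory\testcert.pfx", "<pfx-password>");
        Console.WriteLine("Signing SAML assertions with " + creds.Certificate.Subject);
    }
}
```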
