get private key with dotnet core on linux

Question

I have a program that find a certificate into a store, and test if the rsa private key is present.

var store = (StoreName.CertificateAuthority, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint, "a02274af4e74defc0bf2ffb45e2d90bdbb1282f9", false);

if (certs.Count > 0)
{
    Console.WriteLine("Cert found");
    X509Certificate2 cert = certs[0];
    var rsa = cert.GetRSAPrivateKey();
    if (rsa == null)
        Console.WriteLine("rsa failed");
    else
        Console.WriteLine("rsa ok");
}

On Windows everything is fine with the certificate in pfx installed into the store.

On linux, the certificate is found, but the private key is not. I used this SO answer to convert my pfx to crt file : https://stackoverflow.com/a/16724275/1083225 and I put the crt file into /usr/local/share/ca-certificates , and executed update-ca-certificates If I look into the crt file, the rsa is present.

It's a .NETCoreApp 1.1

Answer 1

The cert loader for LM\\Root on Linux only loads the files as X.509 DER or X.509 PEM, so no private key material is loaded.

If you want a self-issued certificate to be root trusted, adding it to wherever your distro considers to be the root trust for OpenSSL is correct. If you also need to access the private key associated with that certificate, you'll need to have it also be in a CurrentUser store, or for you to manually load it as a PFX.