CMC request with ArchivePrivateKey giving file not found error

  • Question

  • Hi, I am trying to get a certificate from the CA server. I am placing the request with the following criteria, and it shows the error when calling the Encode method. Please assist me: am I doing this the correct way?

    I am getting the following error: System.IO.FileNotFoundException: CertEnroll::CX509CertificateRequestCmc::Encode: The system cannot find the file specified. Please clarify where I am going wrong.

    I am using Windows 2008 R2, .NET 3.5.

    The code for the request is:

        string strCAName = ConfigurationSettings.AppSettings["CANAME"];

        CX509CertificateRequestPkcs10Class request = new CERTENROLLLib.CX509CertificateRequestPkcs10Class();
        request.InitializeFromTemplateName(X509CertificateEnrollmentContext.ContextUser, strTemplate);

        CX500DistinguishedName objName = new CX500DistinguishedName();
        objName.Encode("CN=" + adUserName, X500NameFlags.XCN_CERT_NAME_STR_NONE);
        request.Subject = objName;
        request.PrivateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;

        // New code CMC

        // Get the CA Key Exchange Certificate
        CCertRequestClass certreq = new CCertRequestClass();
        string strCAcert = certreq.GetCACertificate(1, strCAName, CR_OUT_BASE64);
        log.Info("CASertString -" + strCAcert);

        // Create a CMC outer request and initialize
        CX509CertificateRequestCmcClass objCMC = new CX509CertificateRequestCmcClass();
        objCMC.InitializeFromInnerRequest(request);

        // Set the CA Archive Key on the Request
        objCMC.ArchivePrivateKey = true;
        objCMC.set_KeyArchivalCertificate(EncodingType.XCN_CRYPT_STRING_BASE64, strCAcert);
        objCMC.Encode();

        // New CMC code end

        CX509Enrollment objEnroll = new CX509Enrollment();
        objEnroll.CertificateFriendlyName = strFriendlyname;

        // Create enrollment request
        objEnroll.InitializeFromRequest(objCMC);
        strRequest = objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);


    Thanks in advance

     

    Tuesday, January 25, 2011 9:06 AM

All replies

  • I'm not sure off the top of my head why you would be getting file not found... But have you confirmed that the template supports key archival? Also, does the CA issue this certificate?

     

    Andrew

    Friday, January 28, 2011 4:34 AM
  • Hi, thanks for the reply.

    When we run the command-line generation code with an .inf file, with the account which my above code is trying to get, it generates the certificate using the certgen command.

    After the command-line code has run, if I immediately try through the above code (it's a web service), I am able to get the certificate for some time; after that I get this same error.

    Does some setting need to be enabled on the CA server, is something restricting my certificate-generating account, or is some default template file not found? Please help me with this.

    The template I am using for the request supports key archival.

    Friday, January 28, 2011 1:00 PM
  • So you are saying that with an inf file, certreq will always submit the request and receive the response? Can you paste the inf file?

    Also, you say that you are running this code as a web service? Have you tried to create a command line exe and run it that way? Or through a vbs script and try from the same account?

     

    Andrew

    Friday, January 28, 2011 6:08 PM
  • Hi,

    The problem was solved by refreshing the application pool every time I put in a new build (replacing the DLL).

    Thanks for the replies, Andrew.

    I have one more doubt: is it possible to set the expiry date of my certificate at the time of placing my request, just like setting the friendly name?

     

    Monday, February 7, 2011 12:34 PM