Cannot find certificate in client side while calling web service

  • Question

  • I have a Windows service application developed in C#.NET which communicates with a web service developed in Java (from the client). This web service is certificate validated, which is why I need to read the certificate every time before calling the web service. But whenever I try to get the certificate by Subject name or Thumbnail, I get a different error for each type, and I cannot read the certificate at all.

    Here is my code:

     <clientCertificate storeLocation="CurrentUser" storeName="My" findValue="‎176455DB76886FF2BA3C122F8B36322F647CB2FD"  x509FindType="FindByThumbprint" />

    If I try to find the certificate using Thumbnail like above, I hit the error below:

    invalid hexadecimal string format. inner exception null

    Here is the second way I'm trying to call the certificate:

    <clientCertificate storeLocation="CurrentUser" storeName="My" findValue="‎CN=EO_UA_test, T=Privatmoney, OU=EO_UA_test, O=EO_UA_test, L=Dnepropetrovsk, C=UA"  x509FindType="FindBySubjectName" />

    And here is the error I'm hitting while applying the above technique:

    Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue '‎CN=EO_UA_test, T=Privatmoney, OU=EO_UA_test, O=EO_UA_test, L=Dnepropetrovsk, C=UA'.

    For the 2nd error I've tried without "CN=" but I'm still getting the same error. Also, I've checked the certificate using MMC.exe and I can see that my certificate exists under CurrentUser->Personal. Please advise on the above.

    Monday, October 9, 2017 10:46 AM

All replies

  • If you're running as a Windows service then are you sure the cert is installed in a location visible to the service? Certs can be installed at the computer or user level. Your config says you're looking for the cert as the current user. So the user account which the service is running under would need the cert. If the cert is installed at the computer level then you need to change the location. The My store indicates under Personal. If the cert is located elsewhere then you need to change that as well.

    For the invalid hex error, your thumbprint is invalid. This can happen if you try to copy the thumbprint directly from the Certificate Manager dialog. It puts extra characters on there. You need to fix the thumbprint.

    Finally, note that I've run into a similar issue with a console app where the find method wouldn't find the cert by thumbprint. It was there but it would never be found. I ended up having to enumerate the certs and then do a simple String.Compare against the thumbprint to find it (case insensitive). I never did figure out why it wouldn't work with Find.

    Michael Taylor

    Monday, October 9, 2017 4:22 PM
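
Added example (not part of the original thread or either poster's code): a C# helper for the points in the reply above. It strips non-hex characters from a pasted thumbprint, then enumerates the store and compares thumbprints case-insensitively instead of calling Find, checking both CurrentUser and LocalMachine. The class and method names are hypothetical, and the leading U+200E in the sample string is a constructed stand-in for the extra characters a copy from the certificate dialog can carry.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class CertLookup   // hypothetical helper, not from the thread
{
    // Keep only hex digits: drops spaces and invisible characters
    // picked up when a thumbprint is copied from the certificate dialog.
    public static string NormalizeThumbprint(string raw)
    {
        return new string(raw.Where(c => Uri.IsHexDigit(c)).ToArray()).ToUpperInvariant();
    }

    // Enumerate the store and compare each thumbprint case-insensitively.
    public static X509Certificate2 FindByThumbprint(
        StoreName name, StoreLocation location, string rawThumbprint)
    {
        string wanted = NormalizeThumbprint(rawThumbprint);
        var store = new X509Store(name, location);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (string.Equals(cert.Thumbprint, wanted, StringComparison.OrdinalIgnoreCase))
                    return cert;
            }
            return null;
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        // Constructed input: the thumbprint from the question preceded by U+200E.
        string pasted = "\u200E176455DB76886FF2BA3C122F8B36322F647CB2FD";
        Console.WriteLine("Pasted length {0}, normalized length {1}",
            pasted.Length, NormalizeThumbprint(pasted).Length);

        // CurrentUser\My is the store of the account printed here, which for a
        // Windows service is the service account, not the interactive user.
        Console.WriteLine("Running as {0}\\{1}", Environment.UserDomainName, Environment.UserName);

        foreach (var location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            X509Certificate2 cert = FindByThumbprint(StoreName.My, location, pasted);
            Console.WriteLine("{0}\\My: {1}", location, cert != null ? cert.Subject : "not found");
        }
    }
}
```

Run it under the same account as the service; a certificate that appears only when run interactively is installed in a different user's store.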