Asked by:
Problem Adding Machinekey / Private Key Remotely

Question
I have a C# application in which I'm adding a pfx certificate (with private key) to a remote server. The certificate is added to the certificate store just fine, but the machine key is not placed on the server and therefore I cannot use it for SSL (IIS). I've gotten the same behavior on Windows Server 2003 and 2008. The machine keys should be created at "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" and "C:\programdata\Microsoft\Crypto\RSA\MachineKeys" respectively.
My code looks something like this:
using System.Security.Cryptography.X509Certificates;
// Import the PFX (with its private key) into the machine key set and keep the key persisted.
X509KeyStorageFlags flags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
X509Certificate2 newPFX = new X509Certificate2(pfxpath, "password", flags);
// Open the personal (MY) store of the remote server and add the certificate to it.
X509Store certStore = new X509Store(@"\\" + serverName + "\\MY", StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
certStore.Add(newPFX);
Wednesday, November 21, 2012 6:35 PM
All replies
I saw your code; you have put the file in whatever \\ + serverName, but where is your code to point your IIS to it?
chanmm
Thursday, November 22, 2012 9:02 AM
If the server is using IIS7 I execute the code below, which works just fine, except that when I add the certificate to the remote keystore it does not create an associated machine key on the remote server. If I manually import the pfx on the remote server by logging in and using the certificates snap-in, I can see the machine key being created:
using System;
using Microsoft.Web.Administration;

// certHash is the thumbprint of the certificate that was added to the MY store.
foreach (Site site in siteCollection)
{
    foreach (Binding binding in site.Bindings)
    {
        if (binding.Protocol == "https")
        {
            string bCertHash = binding.GetAttributeValue("certificateHash").ToString().ToUpper();
            if (bCertHash != certHash.ToUpper())
            {
                // Attach the certificate to this https binding through the AddSslCertificate method.
                ConfigurationMethod method = binding.Methods["AddSslCertificate"];
                if (method == null)
                {
                    throw new Exception("Unable to access the AddSslCertificate configuration method");
                }
                ConfigurationMethodInstance mi = method.CreateInstance();
                mi.Input.SetAttributeValue("certificateHash", certHash);
                mi.Input.SetAttributeValue("certificateStoreName", "MY");
                mi.Execute();
            }
        }
    }
}
Friday, November 23, 2012 1:55 PM
How would I put the machine key in "\\ + serverName" as you are describing? Why doesn't certStore.Add(newPFX); add the associated private key as well?
Shouldn't the flags X509KeyStorageFlags flags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
make the machine key?
Friday, November 23, 2012 2:04 PM
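The follow-up above asks why the remote-store Add leaves no key on the server. As an added diagnostic (my own example, not code from the original post), the check below assumes the remote-path X509Store add copies only the certificate context while the PFX key was imported into the machine running the code, so it is meant to be run on the target server itself under .NET Framework; the class name, thumbprint and store name parameters are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
// Hypothetical diagnostic: run on the target server after the import to see whether the
// certificate's private key really exists on this host and lives in the machine key store
// (IIS runs under a service account, so a key in a user key store is useless to it).
static class MachineKeyCheck
{
    // Returns true only when the certificate with this thumbprint has a usable
    // private key in the machine key store; prints where that key lives.
    public static bool HasMachinePrivateKey(string thumbprint, string storeName)
    {
        var store = new X509Store(storeName, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (hits.Count == 0)
            {
                Console.WriteLine("Certificate not found in LocalMachine\\" + storeName);
                return false;
            }
            X509Certificate2 cert = hits[0];
            if (!cert.HasPrivateKey)
            {
                // Only the certificate blob made it here; no key provider info is attached.
                Console.WriteLine("Certificate present, but no private key is associated with it");
                return false;
            }
            // cert.PrivateKey throws "Keyset does not exist" when the store entry still
            // references a key container that was never created on this host.
            var rsa = cert.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null) { Console.WriteLine("Private key is not an RSA CSP key; container not inspected"); return false; }
            CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
            Console.WriteLine("Provider:      " + info.ProviderName);
            Console.WriteLine("Container:     " + info.KeyContainerName);
            Console.WriteLine("Key file name: " + info.UniqueKeyContainerName); // file under ...\Crypto\RSA\MachineKeys
            Console.WriteLine("Machine store: " + info.MachineKeyStore);
            return info.MachineKeyStore;
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("Key container referenced but not usable on this host: " + ex.Message);
            return false;
        }
        finally { store.Close(); }
    }
}
```

A false result with the "Keyset does not exist" message is the state described in the question: the store holds the certificate and a pointer to a key container, but the container was created on the machine that ran the import, not on the server.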
Hi chanmm,
Would you like to keep helping this man?
Have a nice day.
Best regards,
Ghost,
Call me ghost for short, Thanks
To get the better answer, it should be a better question.
Tuesday, December 4, 2012 10:07 AM