SSL X509Store

  • Question

  • I have created a certificate with

    makecert.exe -sr LocalMachine -ss MY -a sha1 -n CN=test -sky exchange -pe cert.cer

    makecert.exe imports the cert into the certificate store.

    But I deleted the cert from the certificate store because I would like to add the cert to the store with my server app.

    Here is the code. Everything works fine, but Server.AuthenticateAsServer(cert) doesn't work...

    Private cert As New X509Certificate2("C:\cert.cer")
    Dim stor As New X509Store(StoreName.My, StoreLocation.LocalMachine)
    stor.Open(OpenFlags.ReadWrite)
    stor.Add(cert)
    stor.Close()
    Server.AuthenticateAsServer(cert)

    This doesn't work, but why?

    Sunday, March 19, 2006 2:27 PM

All replies

  • When I add the cert to the store, the cert has no private key.... How can I add a private key before I add the cert to the store?
    Sunday, March 19, 2006 3:26 PM
  • When you are authenticating as server, the certificate needs a private key. A .cer file does not have a private key. Which means that when you export the certificate you need to make sure that you export the cert along with the private key
    Sunday, March 19, 2006 7:45 PM
    Moderator
  • Yes, but how can I load the private key with the cer into the cert store?
    Sunday, March 19, 2006 9:14 PM
  • You just need to import the .pfx file.
    Or when you request a certificate request a pfx file not a cer file.
    Cer file contains only the public key part of the certificate

    Monday, March 20, 2006 5:21 AM
    Moderator
  • How can I create a private key for the certificate I created with makecert.exe???
    I don't want the private key in a container or a *.pfx file, I want a private key file.

    cert.cer and cert.key like Serv-U FTP Server

    And then, how can I associate the private key with the certificate in VB.NET???

    Monday, March 20, 2006 6:08 AM
  • You need to read up on the certificate issues and makecert.exe
    and how the whole thing works. I will see if I can create a blog article about this,
    but I suggest you get more knowledgeable in the x509cert usage.

    Monday, March 20, 2006 5:12 PM
    Moderator
  • Looking at "makecert.exe -?" it looks like you need to use the "-pe" option.  This should allow you to export the private key out to a file when exporting from the certificate store.  You may need to use the certificate snapin to MMC.exe in order to export the private key once it is created.  The private key may not be exported by default by the tool.
    Tuesday, March 21, 2006 12:39 AM
    Moderator
  • Is there a reason why you don't want a pfx file? 

    If you choose the pfx file route, then you can definitely associate the pfx file with a certificate in VB.net 2005 using the X509Certificate2 class.  I have used both .cer files (public key only) and .pfx files (public and private keys) in this manner and it works well. 

    I tried using the -pe command and was able to create a cert in the local machine store and then manually export the private key to a pfx file...

    Tuesday, March 21, 2006 1:11 AM
    Moderator
  • mh, it seems that I will use the pfx file, and the certs that are already in the X509Store....

    @Durgaprasad Gorti
    If you create a blog article, where can I find your blog?

    Tuesday, March 21, 2006 11:43 AM
  • Use
        certificate = new X509Certificate2(filename, (string)null, X509KeyStorageFlags.PersistKeySet);
    instead of
        new X509Certificate2(filename);

    Thursday, May 4, 2006 10:23 PM
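
Added example, not part of the original thread: a VB.NET check that shows why the .cer route fails and the .pfx route works, and that refuses a certificate without a private key before it reaches the store or AuthenticateAsServer. The names LoadServerCert and InstallInMachineStore and the demo password are assumptions made for illustration, and CertificateRequest assumes .NET Framework 4.7.2 or later.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Module ServerCertCheck
    ' Load a PFX and refuse it unless the private key came with it.
    Function LoadServerCert(pfx As Byte(), password As String,
                            flags As X509KeyStorageFlags) As X509Certificate2
        Dim cert As New X509Certificate2(pfx, password, flags)
        If Not cert.HasPrivateKey Then
            Throw New CryptographicException("No private key; AuthenticateAsServer would fail.")
        End If
        Return cert
    End Function

    ' Hypothetical helper: install into LocalMachine\My (needs elevation).
    ' PersistKeySet keeps the key after the object is disposed; MachineKeySet
    ' stores it machine-wide, matching the LocalMachine store.
    Sub InstallInMachineStore(pfx As Byte(), password As String)
        Dim flags As X509KeyStorageFlags =
            X509KeyStorageFlags.PersistKeySet Or X509KeyStorageFlags.MachineKeySet
        Dim cert As X509Certificate2 = LoadServerCert(pfx, password, flags)
        Dim store As New X509Store(StoreName.My, StoreLocation.LocalMachine)
        store.Open(OpenFlags.ReadWrite)
        Try
            store.Add(cert)
        Finally
            store.Close()
        End Try
    End Sub

    Sub Main()
        ' Constructed sample: a throwaway self-signed certificate built in memory.
        Using key As RSA = RSA.Create(2048)
            Dim req As New CertificateRequest("CN=test", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            Using full As X509Certificate2 =
                    req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddDays(1))
                Dim cerBytes As Byte() = full.Export(X509ContentType.Cert)
                Dim pfxBytes As Byte() = full.Export(X509ContentType.Pfx, "demo-password")

                ' The .cer form carries only the public part of the certificate.
                Dim cerOnly As New X509Certificate2(cerBytes)
                Console.WriteLine(".cer HasPrivateKey: {0}", cerOnly.HasPrivateKey)

                ' The .pfx form carries the key, so the check passes.
                Dim fromPfx As X509Certificate2 =
                    LoadServerCert(pfxBytes, "demo-password", X509KeyStorageFlags.DefaultKeySet)
                Console.WriteLine(".pfx HasPrivateKey: {0}", fromPfx.HasPrivateKey)
            End Using
        End Using
    End Sub
End Module
```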