locked
Error loading certificate RRS feed

  • Question

  • Hi,

    I am created one web service with connection of MS Healthvault and this service working fine on my local machine and when i am publish on IIS on my same machine as well.But when I am upload on remote server ( I created one virtual directory on server IIS and publish this service on that) so the error raised by server  "Error: Error loading certificate. Is password specified using ApplicationCertificatePassword?"

    so please help me for resolving this error and let me know for any additional information you want for that, it's very important    

    Friday, May 28, 2010 6:39 AM

Answers

  •  

    First, You export certificate file from "ApplicatioManage.exe". Now you have a certificate file (*.pfx), and then using the following steps to import this certificate file(*.pfx) to your computer. 

    1Run c:\Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc.

    2.Import the certificate into Personal > Certificates folder using All Tasks > Import.

    3.Browse the certificate file, and make sure that Mark this key as exportable is checked.

    Maybe this certificate file have already into Personal, but I'm not sure it can be export. So if it is existed, please delete it and import again.

    At the same place, right click the certificate file, and choose 'All Task'->'export'. You have to select the option of 'Yes, Export private key', and then enter the password for this exported certificate file and enter a path name. You will get a certificate file which contents password.

    Finally add a password key to config file as I mentioned.

     

    Tzeng 

    Wednesday, June 2, 2010 7:56 AM

All replies

  • Hello Ganesh,

    You can find similar thread in the below mention url.

    http://social.msdn.microsoft.com/Forums/en-US/healthvault/thread/fc2016f8-f61e-4607-9538-10193df69a89

    If you still facing the issue could you please provide me the complete stack trace and also please let me know your operating system where the application is hosted.

    Regards,

    Madan Kamuju

    Friday, May 28, 2010 8:37 AM
  • thanks,

    I am going through the article which you have suggested but still this problem not resolved,well I am using windows 7 os.

     

    Friday, May 28, 2010 10:40 AM
  • Hello Ganesh,

    I am contacting our technical team and i will update you once i get some information.

    Regards,

    Madan Kamuju

    Friday, May 28, 2010 11:41 AM
  • OK Thanks Madan. I am waiting for your reply.
    Friday, May 28, 2010 11:44 AM
  • Hi Madan...

    Here following error i find out when I test my application Id in troubleshooter utility shipped in our SDK

    Error is..

     "Application Id Certificate(WildcatApp-d1a79e49-69fc-4223-859a-c4d7d4c873d0) cannot be accessed"

     and is there any relation of  "private key accessible" well I don't know about that.

    so let me know if u have any idea .

    Friday, May 28, 2010 12:21 PM
  • Hello Ganesh,

    Could you please conform me whether you have followed steps mentioned in the forum thread which i have given in my earlier post. Please re-check the below steps.

    Steps:
    1.       Open HeathVault Application Manager
    2.       Export Public and Private keys (.pfx) for the certificate.
    3.       Copy the certificate into the machine (IIs Hosted).
    4.       Run c:\Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc.
    5.       Import the certificate into Personal > Certificates folder using All Tasks > Import.
    6.       Browse the certificate saved in step 3, and make sure that Mark this key as exportable is checked.
    7.       Restart HeathVault Application Manager and now you should be able to see the certificate imported.
    8.       Right Click on the certificate in HeathVault Application Manager and click on Grant Access to IIS process.
    9.      Run the application.
     
    Granting network access:
     
    1.       winhttpcertcfg.exe -g -a "Network Service" -c LOCAL_MACHINE\My -s %WC_CERTNAME%
     
    Where %WC_CERTNAME% is the name of my certificate

    Please let me know the execution of steps.

    Regards,

    Madan Kamuju

    Friday, May 28, 2010 12:35 PM
  • Yes I have tried this steps and executed all steps as well.

    still that problem not resolved which I have mention on above blog and I had mention os->windows 7 on host server, actualy it is windows server 2008 os.

    thanks

    Friday, May 28, 2010 2:06 PM
  • Ganesh,

    How are you using your certificate?

    If you point to it in a file (ie there is a key named "ApplicationCertificateFileName" in your web.config file), the current troubleshooter won't help you diagnose what is wrong.

    The most likely thing there is that the certificate isn't where the key indicates. Note that the location specified in the ApplicationCertificateFileName key is an absolute path. It's also possible that the location is correct but server process does not have permission to access the file.

    If you aren't using ApplicationCertificateFileName, then the steps to import the certificate into the local store should work correctly.

     

    Friday, May 28, 2010 4:34 PM
  • Hi Eric Gunnerson,

     I have developed a HealthVault Application that uses a webservice to communicate with HealthVault.  It works fine on our development server, but when we moved it to our live server (running Windows Server 2008) I receive an error when it attempts to communicate with HealthVault.

    Step for >> What exactly I have done for that and have tried...

    1>create healthvaulth application by using HV Application Manager.

    2>then create on web service and use web.config file of healthvaulth application in to the web service.

    3>following content is in web.config file of web service...

    <appSettings><add key="ApplicationId" value=d1a79e49-69fc-4223-859a-c4d7d4c873d0/><!--d1a79e49-69fc-4223-859a-c4d7d4c873d0-->

    <add key="ShellUrl" value="https://account.healthvault-ppe.com/"/>

    <add key="HealthServiceUrl" value="https://platform.healthvault-ppe.com/platform/"/>

    <!-- when we call the SignOut() method on HealthServicePage, it redirects us to the page below -->

    <add key="NonProductionActionUrlRedirectOverride" value="Redirect.aspx"/>

    <!-- The redirect page (specified above) uses these keys below to redirect to different

             pages based on the response from the shell -->

    <add key="WCPage_ActionHome" value="default.aspx"/>

    <add key="WCPage_ActionAppAuthSuccess" value="default.aspx"/>

    <add key="WCPage_ActionSignOut" value="SignedOut.aspx"/>

    <!--E:\Jnj\Gaurav\TestWebService\cert   E:\Jnj\JnJ\MicrosoftHealthVaultTestApp\QueryUserHealthDataService\cert-->

    <add key="ApplicationCertificateFileName" value="F:\GAN_DC\project\JNJ\HealthVaultApplication\QueryHealthDataService_HV\cert\WildcatApp-d1a79e49-69fc-4223-859a-c4d7d4c873d0.pfx"/>

    </appSettings> 

    4>after that I test on our local server, it's working fine but when I published it. and then create virtual directory on live server then put this publish web service into the virtual directory and make change in to web.config file for the location specified in the ApplicationCertificateFileName key is an absolute path (here actually I have given certificate path from published folder of web service).

    5>then I had run my web service from live server and caught following error log.  

    "Error: Error loading certificate. Is password specified using ApplicationCertificatePassword?"

    Also What I've already tried...

    • using HealthVault Application Manager Import pfx
    This added the certificate into the Computer Certificate Store, but it doesn't allow me to "Grant access to IIS process" (when i click it nothing happens)
    • I also used the winhttpcertcfg
    This seem to run correctly, but didn't have any affect on the error I'm getting

        I  check to see what permissions our program already has by typing this command:

    winhttpcertcfg.exe -l -c LOCAL_MACHINE\My -s WildcatApp-d1a79e49-69fc-4223-859a-c4d7d4c873d0

    I haven’t given network service permissions yet, so I’ll see this:

     

    Next I’ll run the command:

    WinHttpCertCfg -g –a “Network Service” –c Local_machine\my –s WildcatApp-d1a79e49-69fc-4223-859a-c4d7d4c873d0

    but I haven’t given network service permissions yet.

    Here I mention all things for over come to this issue but not yet resolved.

     

    and yes you have mention note here.... 

    "the location specified in the ApplicationCertificateFileName key is an absolute path. It's also possible that the location is correct but server process does not have permission to access the file."

    can you suggest steps for "server process permission to access the file"

     

    so please help me.....

     

    Saturday, May 29, 2010 8:35 AM
  • Hello,

    Please go through the following post and let me know if you are still facing the issues: http://social.msdn.microsoft.com/Forums/en-US/healthvault/thread/105d6f7c-3960-4aa4-a4ba-da9abf6f5ac6

    This issues looks similar to the one stated in the below thread. We will track the issue in a single thread to avoid confusion.

    http://social.msdn.microsoft.com/Forums/en-US/healthvault/thread/105d6f7c-3960-4aa4-a4ba-da9abf6f5ac6


    -Mahesh
    Monday, May 31, 2010 2:12 PM
  • Thanks Mahesh for your help 

    Well I have tried all steps and execute that steps proper way also but still I am not able to get connection with MS Health Vault, I received error : (Error: Error loading certificate. Is password specified using ApplicationCertificatePassword?)

     

    any other solution for that please let me know ASAP...

    Tuesday, June 1, 2010 7:24 AM
  • Hello,

    If the certificate has a password, that can be specified with the ApplicationCertificatePassword key in web.config file. Could you please let me know if you are using any password for the certificate. If so, make sure you have added the ApplicationCertificatePassword key in web.config file.


    -Mahesh
    Tuesday, June 1, 2010 8:24 AM
  • Hello Mahesh,

      We dont have any password for the certificate file. And how that password is generated for that certificate file?

     

    --Ganesh

    Tuesday, June 1, 2010 8:48 AM
  • Could you please let me know whether you have exported the certificate from the ComputerCertificates.msc. Also, can you please let me know the location for ApplicationCertificateFileName key in config file you are referring is the same location which you have exported. When you export the certificate from ComputerCertificates.msc, we need to provide password to complete the steps in server 2008. The password can be added with the ApplicationCertificatePassword key in web.config file.
    -Mahesh
    Tuesday, June 1, 2010 10:14 AM
  • If you are using the ApplicationCertificateFileName approach to specify your certificate, you can ignore the certificate store and winhttpcertcfg.exe - it isn't used when you use certificate file.

    The error you are seeing happens when there is an error loading the certificate from the file. It mentions a password because forgetting to specify the password is one common cause of this error.

    If you look at the request/response trace file or the log file, you should see additional information with this error that explains the exact cause.

     

    Tuesday, June 1, 2010 2:55 PM
  • Hi

     

    I find the solution for this issue.

    1) First, you have to make sure the key of "ApplicationCertificateFileName" is an absolute path.

    2) Export the certificate file by using 'c:\Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc'( refer as others replay ), and enter a password (private key) for this certificate file at the same time. You can't just use 'ApplicationManager.exe' because it can't export a private key for certificate file. You have to imported first, and then export a certificate which contains a  private key. 

    3) Add a key of 'ApplicationCertificatePassword' in your config file. The following is a part of my config file.

     

    <add key="ApplicationCertificateFileName" value="E:\HostingSpaces\xwingcrm\hv.dcbiomed.com\wwwroot\MyCert.pfx" />

    <add key="ApplicationCertificatePassword" value="MyPassword"/>

     

    Hope it's helpful

     

    Tzeng

    Wednesday, June 2, 2010 1:57 AM
  • Thanks Tzeng,

    1) I checked absolute path of certificate file this path is correct.

    2) other thing is that, there is no option of "Export  the certificate file" in  'c:\Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc' instead of it there is "Import" option.  

    3) And can you please tell me how do i create passowrd for the certificate file?

    -Ganesh

    Wednesday, June 2, 2010 7:06 AM
  • Hi Mahesh,

    I did following things>>>

    1) I checked absolute path of certificate file this path is correct.

    2) other thing is that, there is no option of "Export  the certificate file" in  'c:\Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc' instead of it there is "Import" option. (Right click on> "Certificate"> select >"All task">Import >Next> Browse .pfx file>Next>Type Passowrd for Private key(But Here after enter password >> show error message "The password you enters is incorrect".)  

    3) And can you please tell me how do i create passowrd for the certificate file?

    -Ganesh

    Wednesday, June 2, 2010 7:52 AM
  •  

    First, You export certificate file from "ApplicatioManage.exe". Now you have a certificate file (*.pfx), and then using the following steps to import this certificate file(*.pfx) to your computer. 

    1Run c:\Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc.

    2.Import the certificate into Personal > Certificates folder using All Tasks > Import.

    3.Browse the certificate file, and make sure that Mark this key as exportable is checked.

    Maybe this certificate file have already into Personal, but I'm not sure it can be export. So if it is existed, please delete it and import again.

    At the same place, right click the certificate file, and choose 'All Task'->'export'. You have to select the option of 'Yes, Export private key', and then enter the password for this exported certificate file and enter a path name. You will get a certificate file which contents password.

    Finally add a password key to config file as I mentioned.

     

    Tzeng 

    Wednesday, June 2, 2010 7:56 AM
  • Hello Ganesh,

    Please check the below steps to export the certificate from the certificate store:

    1. Run c:\Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc
    2. When ComputerCertificates.msc is opened, you will see two panes. Left side will be the tree view menu and right side, you can see all the certificates that you have imported.
    3. Select your certificate on the right hand side, right click and select All Tasks > Export > click Next > select the option Yes, export the private key > click Next > enter password and finish the process to export the certificate.
    4. The entered password should be referred in the web.config file

    Please let me know if you still face any issues.


    -Mahesh
    Wednesday, June 2, 2010 8:45 AM
  • Hello Tzeng,

       Thanks a lot !!! Its working fine now . We had not specified any password for the certificate file. So as per your suggestion we assigned the password to the certificate file and we specified it into the web.config file. So it worked smothly after the struggle of 4-5 days.

     Thanks a lot friend.

    Ganesh.

     

     

     

    Wednesday, June 2, 2010 9:47 AM
  • Great.
    Wednesday, June 2, 2010 4:26 PM