User370833047 posted
I am creating a website in IIS programmatically. To add the binding for "https", I created the "pfx" certificate as follows.
public static string MakeCertFile(string folderPath)
{
//Folder Path is comething like "C\\temp\\";
var password = "AdmTo@123";
var ecdsa = ECDsa.Create(); // generate asymmetric key pair
var req = new CertificateRequest("cn=corixaz", ecdsa, HashAlgorithmName.SHA256);
var cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(5));
var friendlyName = "corixazServercert.cer";
string filename = folderPath + "\\" + friendlyName;
string pfxFriendlyFileName = "corixazServercert.pfx";
string pfxFileName = folderPath + "\\" + pfxFriendlyFileName;
File.WriteAllBytes(pfxFileName, cert.Export(X509ContentType.Pfx, password)); //X509KeyStorageFlags.MachineKeySet
File.WriteAllText(filename,
"-----BEGIN CERTIFICATE-----\r\n"
+ Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)
+ "\r\n-----END CERTIFICATE-----");
InstallCertificate(pfxFriendlyFileName, password);
return pfxFriendlyFileName;
}
The InstallCertificate method is as follows -
public static void InstallCertificate(string cerFileName,string password, StoreName soreName = StoreName.My)
{
X509Certificate2 certificate = new X509Certificate2(cerFileName, password, X509KeyStorageFlags.MachineKeySet);
certificate.FriendlyName = cerFileName;
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(certificate);
store.Close();
}
To get the certificate from the store, the method is like this -
public static X509Certificate2 GetValidCertFromStore(string certificateName, StoreName storeName = StoreName.My)
{
X509Store store = new X509Store(storeName, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs = store.Certificates;
DateTime highestValidDate = DateTime.Today;
X509Certificate2 certToReturn = null;
foreach (var cert in certs)
{
if (cert.FriendlyName.Equals(certificateName))
{
if (certToReturn == null || cert.NotAfter >= highestValidDate)
{
certToReturn = cert; // we want to take the latest
}
}
}
return certToReturn;
}
Then I have another method to create "https" binding for the website.
public static void AddCertificateToWebSite(Site site, string cerFileName, int port, string password)
{
X509Certificate2 certificate = GetValidCertFromStore(cerFileName);
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
var binding = site.Bindings.Add("*:443" + ":", certificate.GetCertHash(), store.Name);
binding.Protocol = "https";
store.Close();
}
In the calling method, whenever I do "serverManager.CommitChanges()" call, I am getting the exception - "An internal error occurred. (0x8007054F)."
When i looked at the Event Log - the error is something like this - "A fatal error occurred while creating a TLS server credential. The internal error state is 10018." I could not find any relevant material regarding
this in internet. I am using Windows server 2019 and IIS 10.0.1776
