Cannot FindByThumbprint - Invalid Hexadecimal string format

  • Question

  • I'm trying to set up a sample WCF service using a self-signed certificate.  For some reason, I repeatedly get the error "FormatException - Invalid hexadecimal string format."

    I was initially trying it in the config file but decided to try setting it up in code but still get the same error.

    I then tried it on a different machine and it works just fine.  I would appreciate any suggestions.  Here are the details.

    Environment:  Windows 7 Home Premium, Visual Studio 2010 C# Express Edition, .NET 4.0

    Code:

    // Create the host
    ServiceHost host = new ServiceHost(hostType);

    string valueToFind = "‎‎‎‎‎66 31 bf 9e f7 4f 9e b6 c9 d5 a6 0c ba 6a be d1 f7 bd ef 7b";

    host.Credentials.ServiceCertificate.SetCertificate(
        StoreLocation.CurrentUser, StoreName.Root, X509FindType.FindByThumbprint, valueToFind);

    The exact same code runs just fine on another machine.  No complaints of an invalid hexadecimal value.  Here are the details of the other machine:

    Environment:  Windows XP, Visual Studio 2010 C# Premium, .NET 4.0

    Any ideas?

    Thursday, September 2, 2010 4:42 PM

Answers

  • I copied your code and put it into a project of my own and I did get the invalid hex format exception. I then tried using a different thumbprint and I no longer got that error. I checked your thumbprint for any visible invalid values and couldn't find any. Next I copied your thumbprint by hand (I typed it in) and the exception no longer occurred.  So I think it was some non-visible character that was causing the problem. Try retyping the thumbprint by hand to see if that clears up the issue for you as well.

    Thanks,

    Michael Green [MSFT]

    Friday, September 3, 2010 6:17 PM

All replies

  • Compile the code on one machine, then run the binary on both machines - does the same binary work on one and fail on another? Do not compile the code on each machine.
    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    Thursday, September 2, 2010 10:37 PM
  • While that's a good idea, I can't do that.  The XP machine (where it works as expected) is a work machine that is locked down and moving/emailing a binary to or from it would be a security violation.

    Any other ideas?  The code is identical as is the hexadecimal value being passed in.  It really makes no sense.

    Friday, September 3, 2010 3:10 PM
  • Actually I'm surprised this works on one machine - I would expect the string to be without spaces. Can you try that on the home machine? If it still fails, try to remove part of the string until you find which one causes it to fail. Note that when you remove parts of the string you would expect not to find the certificate, but at least you will see what stops you from getting the hex exception. Also you can try to work on the string with other hex manipulations in .NET to check it.
    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    Friday, September 3, 2010 6:04 PM
  • Yes, seems like there is something invalid before the opening "66". Try to delete the string from the end using the "back" keyboard button and you will see there is something before the 6.
    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    Friday, September 3, 2010 6:20 PM
  • Thanks guys. I did try removing the spaces before I posted but I did copy and paste the original value from the certificate details. I'll try keying it manually and see if that helps. I'm pretty sure I copied and pasted on both machines though. I'll post the results once I get a chance to try it.
    Friday, September 3, 2010 8:23 PM
  • Thanks for the suggestion.  I can confirm that after manually typing in the value, it was able to find it as expected. 
    Sunday, September 26, 2010 8:19 PM
  • A friend had the same problem, typing thumbprint by hand solved it. Thanks.
    Monday, November 15, 2010 1:50 PM
  • Try to open your source in Notepad, and you will see something like this:

    String thumbprint = " 3D11B752A0075A00E1FBF12DFED5DB4499FFC27A";

    In VS 2010 - Win7 this space is invisible.

    In app.config same.

    This is windows jokes. When you try to type the password by Start-Execute, CTRL-C and pass into password box in IE or Firefox, you'll get whitespace after

     


    • Edited by Boglen Thursday, October 27, 2011 8:31 AM
    Thursday, October 27, 2011 8:26 AM
  • Michael is right. If you copy Thumbprint string from common certificate dialog, it is copied in UNICODE (UTF-16LE) encoding with special invisible control characters (0xFF and 0xFE aka “Byte order mark”) on the beginning of the string.

    Default character set of Visual Studio files is UTF-8 and these characters are invalid in this encoding.
    Saturday, September 27, 2014 3:40 PM
  • Michael is right. If you copy Thumbprint string from common certificate dialog, it is copied in UNICODE (UTF-16LE) encoding with special invisible control characters (0xFF and 0xFE aka “Byte order mark”) on the beginning of the string.

    Default character set of Visual Studio files is UTF-8 and these characters are invalid in this encoding.

    Good find. I observe that when I copy from the window "Certificate", tab "Details", I get a string with a U+200E 'LEFT-TO-RIGHT MARK' in the beginning (not a byte-order mark U+FEFF), followed by ordinary ASCII digits and letters, and spaces.

    It works to type the first single hex digit by hand, and then copy/paste the remaining 39 hex digits from this window to the desired destination code file.

    In the question above, there are FIVE occurrences of the invisible U+200E between the first quote mark and the first digit 6 in the string.

    /JeppeSN

    Wednesday, July 27, 2016 12:54 PM
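
Added example, not code from any poster in this thread: a C# sketch that lists the invisible characters in a pasted thumbprint and strips them before the store lookup. ThumbprintCheck, Unexpected and Normalize are hypothetical names; the input is the question's thumbprint with its five U+200E marks written as escapes.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ThumbprintCheck   // hypothetical helper, not a .NET or WCF API
{
    // Lists every character that is neither a hex digit nor a plain space,
    // e.g. "U+200E at index 0", so invisible characters show up in a log.
    public static List<string> Unexpected(string raw)
    {
        var hits = new List<string>();
        for (int i = 0; i < raw.Length; i++)
            if (!Uri.IsHexDigit(raw[i]) && raw[i] != ' ')
                hits.Add(string.Format("U+{0:X4} at index {1}", (int)raw[i], i));
        return hits;
    }

    // Drops whitespace and Unicode format characters (category Cf, which covers
    // U+200E and U+FEFF); throws on anything else or on a wrong length.
    public static string Normalize(string raw)
    {
        var hex = new StringBuilder(40);
        foreach (char c in raw)
        {
            if (Uri.IsHexDigit(c)) hex.Append(char.ToUpperInvariant(c));
            else if (!char.IsWhiteSpace(c) &&
                     char.GetUnicodeCategory(c) != UnicodeCategory.Format)
                throw new FormatException(string.Format("Unexpected U+{0:X4}", (int)c));
        }
        if (hex.Length != 40)   // a SHA-1 thumbprint is 20 bytes
            throw new FormatException("Expected 40 hex digits, got " + hex.Length);
        return hex.ToString();
    }

    static void Main()
    {
        // Constructed input: the question's thumbprint preceded by five U+200E marks.
        string pasted = "\u200E\u200E\u200E\u200E\u200E" +
            "66 31 bf 9e f7 4f 9e b6 c9 d5 a6 0c ba 6a be d1 f7 bd ef 7b";
        Console.WriteLine(string.Join(", ", Unexpected(pasted)));
        string clean = Normalize(pasted);   // safe to pass to FindByThumbprint

        var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try { Console.WriteLine(store.Certificates.Find(X509FindType.FindByThumbprint, clean, false).Count); }
        finally { store.Close(); }
    }
}
```

The same Normalize call can run over a thumbprint read from app.config before it is handed to SetCertificate.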
  • This hasn't been the case for all of our applications...but capitalizing all the letters did it for me. Again this has not been the case for all services.

    Wednesday, August 1, 2018 2:11 PM