Problem creating SSL/TLS secure channel with Client Certificate

    Question

  • Hi all.

    I really need help. I am installing a client certificate with this code:

    public static string InstallClientCertificate(byte[] data, string password)
    {
        var certificate = new X509Certificate2(data, password);
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        store.Add(certificate);
        store.Close();
        return certificate.Subject;
    }

    In the store the certificate is installed correctly and it is valid.

    When I want to use this certificate to create the SSL/TLS secure channel, I get the following error:
    A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10003.

    Interestingly, when I install the same client certificate manually with the "Certificate Import Wizard", everything works fine.

    I do not know what I'm doing wrong, or what the "Certificate Import Wizard" does better than what I have in my code.

    Any help or guidance would be so gratefully appreciated!

    Thanks,
    Selim

    Monday, December 21, 2015 10:55 AM

All replies

  • Hi Selim Gezgin,

    According to this case, as far as I know, when the service SSL certificate is not fully trusted on the client box, it might raise an error. The error can be handled properly in a browser, but will result in an exception in code. In case the problem is caused by this, you can try using the ServicePointManager.ServerCertificateValidationCallback handler to pass the cert validation.

    For more information, please refer to the following link:

    How do I use WebRequest to access an SSL encrypted site using https?

    Best Regards,

    Wanjun Dong



    Tuesday, December 22, 2015 8:44 AM
    Moderator
  • Thanks, Wanjun Dong

    But the problem is that everything works fine when I install the client certificate manually, and not when I install it with code.

    Cheers,
    Selim

    Tuesday, December 22, 2015 11:27 AM
  • Hi,

    As far as I know, when we want to use the certificate, we need to generate a certificate manually.

    Then set it in the trust root with the MMC tool. Then we can use the certificate with code.

    Best Regards,

    Wanjun Dong



    Friday, December 25, 2015 1:30 AM
    Moderator
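
A common cause of the symptom in the question is that `new X509Certificate2(data, password)` imports the private key into a temporary key container that is deleted once the certificate object is released, so the store entry ends up referencing a key that no longer exists. The following is an added example, not code from this thread: it imports with `X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.UserKeySet` and then checks that the stored key can actually be opened. The class name, `PrivateKeyIsUsable`, and returning the thumbprint instead of the subject are assumptions for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertificateInstaller
{
    // Variant of the question's InstallClientCertificate (added example).
    public static string InstallClientCertificate(byte[] data, string password)
    {
        // PersistKeySet keeps the private key container after this object is
        // released; UserKeySet stores it in the profile matching CurrentUser.
        var flags = X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.UserKeySet;
        var certificate = new X509Certificate2(data, password, flags);
        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException("PFX contains no private key.");

        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadWrite);
            store.Add(certificate);
        }
        finally { store.Close(); }
        return certificate.Thumbprint; // assumption: thumbprint used for lookup below
    }

    // Re-opens the store and confirms the stored certificate still resolves its key.
    // HasPrivateKey alone only shows that a key reference is recorded, so the key
    // is opened explicitly.
    public static bool PrivateKeyIsUsable(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey) return false;
            using (var rsa = found[0].GetRSAPrivateKey()) // null for non-RSA keys
                return rsa != null;
        }
        catch (CryptographicException) { return false; } // key container missing or inaccessible
        finally { store.Close(); }
    }
}
```

`GetRSAPrivateKey` requires .NET Framework 4.6 or later. The account that opens the TLS channel must be the same user whose store and key set were used at install time.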