none
Winhttp SSL - private key error 12185 RRS feed

  • Question

  • Requirement and Input data:

    Our client has deployed a webserver (Tomcat) configured for SSL support. we need to implement a cleint in C++ which will communicate to server for sending and receiving data.

    we have been provided two certificate files (CACerts.jks and PMKeystore.jks) and HTTPS URLs to request the data.

    Problem:

    we tried to write a client using winhttp and crypt32 libraries but not able to send the request correctly with winhttp error code 12185 [ERROR_WINHTTP_CLIENT_CERT_NO_PRIVATE_KEY]

    any help in this regard would be highly appreciated.

    Friday, December 6, 2013 5:52 AM

Answers

  • Hi,

    ERROR_WINHTTP_CLIENT_CERT_NO_PRIVATE_KEY document shows the context for the SSL client certificate does not have a private key associated with it. The client certificate may have been imported to the computer without the private key.

    So you need the private key associated with that certificate to prove to the server that you are the proper owner of the certificate.  That is what ERROR_WINHTTP_CLIENT_CERT_NO_PRIVATE_KEY is telling you. 

    You can set the private key with CertSetCertificateContextProperty using CERT_KEY_CONTEXT_PROP_ID or use PFXImportCertStore to import both the private key and the certificate.

    Best Regards,

    May


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, December 9, 2013 3:52 AM

All replies

  • Hi,

    ERROR_WINHTTP_CLIENT_CERT_NO_PRIVATE_KEY document shows the context for the SSL client certificate does not have a private key associated with it. The client certificate may have been imported to the computer without the private key.

    So you need the private key associated with that certificate to prove to the server that you are the proper owner of the certificate.  That is what ERROR_WINHTTP_CLIENT_CERT_NO_PRIVATE_KEY is telling you. 

    You can set the private key with CertSetCertificateContextProperty using CERT_KEY_CONTEXT_PROP_ID or use PFXImportCertStore to import both the private key and the certificate.

    Best Regards,

    May


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, December 9, 2013 3:52 AM
  • Thanks May!

    do you have any sample code snippet of using these APIs handy?

    i used few samples which i found on other forums but these APIs are not working. basically i am confused in how to fill the structures (in case of CERT_KEY_CONTEXT_PROP_ID) and which value do i need to associate as private key (whether it would be serial number which i see in certmgr and it would be the password which i use to import the certificate?)

    Thanks again!

    Shyam

    Monday, December 9, 2013 6:10 AM
  • Hi Shyam,

    I don't have sample code written by myself. I find some useful links with sample code for your reference. Hope this is helpful for you.

    http://www.codeproject.com/Articles/24003/One-Click-SSL-Certificate-Registration-using-WinHT

    http://www.ionicwind.com/forums/index.php?topic=2441.0

    Best Regards,

    May


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, December 10, 2013 7:31 AM
  • Hi May,

    I checked these links but could not find any reference to the solutions which you gave in your previous reply. In previous answer you mentioned to use APIs like CertSetCertificateContextProperty or PFXImportCertStore. Am still not able to figure out how and where to use these methods.

    Thanks,

    Shyam

    Tuesday, December 10, 2013 9:42 AM
  • Hi Shyam,

    CertSetCertificateContextProperty or PFXImportCertStore method I just can find information in MSDN document, as to useful sample codes I cannot find anything. I suggest you look through the document carefully and I think you will find the way to use them.

    Best Regards,

    May


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, December 11, 2013 2:06 AM