IMFSSLCertificateManager gives errors 0x80072ee2 & 0x80092003


  • I am trying to figure out how to use IMFSSLCertificateManager.  So far I have gotten to where my IMFSSLCertificateManager::GetCertificatePolicy is getting called.  But after that, I begin to have problems:

    - If I return pfClientCertificateAvailable == FALSE from GetCertificatePolicy, I just get a ~30 second delay, followed by CreateObjectFromURL returning 0x80072ee2 (WININET_E_TIMEOUT).  My expectation was that it would call my BeginGetClientCertificate, but that never happens.

    - If I return pfClientCertificateAvailable == TRUE from GetCertificatePolicy, IMFSSLCertificateManager::GetClientCertificate gets called, but no matter what I try to return as a certificate, I always get 0x80092003 (CRYPT_E_FILE_ERROR).  While the docs are silent about exactly what is expected in ppbData, I have allocated memory using CoTaskMemAlloc, then read the entire contents of the certificate file into the buffer.  I have tried various types of certificate files, but nothing works.

    It's possible that I have my IIS set up incorrectly, but I don't think so.  Rather than walk you thru all the steps I used, I'll just say that attempting to connect to https://localhost/AspectRatio4x3.wmv from firefox (correctly) prompts me to use a client certificate.  When I do, I am able to access the file.  Using the same certificate in IMFSSLCertificateManager::GetClientCertificate always gives 0x80092003.

    Google doesn't show me any sample code using this interface, and the MSDN docs for IMFSSLCertificateManager are very bare bones.

    I need both BeginGetClientCertificate and GetCertificatePolicy to work, depending on how I set pfClientCertificateAvailable.

    FWIW: I can get IMFSSLCertificateManager::OnServerCertificate to get called by playing with the server settings.

    I am on Windows 7 Professional x64, compiling for 32bit, using the internal IIS, and self-signed certificates.

    Any thoughts on what I am doing wrong, sample code showing how this is supposed to work, or ideas about how to debug this are appreciated.
    Sunday, March 1, 2015 12:42 AM