Using SecureTcpListener with .cer files  
by Wayne Citrin [citrin at jnbridge dot com]
posted on 2004/07/27

Has anyone been able to get this to work?

I am trying to create a server that uses a SecureTcpListener and a certificate in a .cer file. I also have a .pvk file with the private key.

I read the .cer file and associate it with the .pvk file as follows:

Certificate c = Certificate.CreateFromCerFile(filename);
c.AssociateWithPrivateKey(pvkFileName, password, true);

This code completes just fine, without an exception. I then create the SecureTcpListener as follows:

SecurityOptions so = new SecurityOptions(SecureProtocol.Ssl3, c, ConnectionEnd.Server);
s_tcpListener = new SecureTcpListener(localhost, port, so);

This works just fine, too. However, when I execute

s_tcpListener.Start();

I get

Unhandled Exception: System.ArgumentException: If a certificate is specified, it must have a private key.

It seems like the association with the .pvk file doesn't "take" -- if I execute c.HasPrivateKey() immediately after I execute c.AssociateWithPrivateKey(), it returns false, and if I execute c.PrivateKey, it throws an exception:

Unhandled Exception: Org.Mentalis.Security.Certificates.CertificateException: Could not acquire private key.


I've seen in another thread the recommendation that we use .pfx files, but that isn't an acceptable solution, since our users may well have .cer files.

The thing that confuses me is that what I'm trying to do is exactly what's done in the example Web Server project that's included with the Security Library. Can anyone help?

by Scott Griggs [scottmgriggs at comcast dot net]
posted on 2004/08/11

I'm also having a similar problem. I'm loading a .cer file (generated by Microsoft Certificate Server), and a .pvk file generated from the .NET Framework utilities.

The code to associate the private key with the certificate doesn't give an error, but when trying to locate the private key, CryptAcquireCertificatePrivateKey returns FALSE with the error 0x8009200B, "Cannot find the certificate and private key for decryption."

What am I doing wrong? Do I need to generate certificates and .pvk files from a different source?

by Scott Griggs [scottmgriggs at comcast dot net]
posted on 2004/08/11

Doesn't the certificate contain the public key used for encryption? So the certificate and private key file probably need to have matching public/private keys for everything to work correctly.

What certificate authority are the developers of the security library using for testing?

In a production environment using a certificate server or a well-known certificate authority, in what form do the certificates and private keys come?
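
The point raised above, that the .cer and the .pvk must hold the same key pair, can be checked outside the library. The following is an added example, not part of the thread and not Mentalis Security Library code: it reads a .pvk header and tests whether its RSA modulus occurs in the certificate's encoding. It assumes the commonly documented PVK layout and an unencrypted .pvk; the function names and the sample bytes are made up for illustration.

```python
import base64
import struct

PVK_MAGIC = 0xB0B5F11E  # first DWORD of a .pvk file
KEY_TYPES = {1: "AT_KEYEXCHANGE", 2: "AT_SIGNATURE"}

def parse_pvk(data):
    """Return (key_type, encrypted, big-endian modulus or None if encrypted)."""
    if len(data) < 24:
        raise ValueError("too short for a PVK header")
    magic, _, key_type, encrypted, salt_len, key_len = struct.unpack_from("<6I", data)
    if magic != PVK_MAGIC:
        raise ValueError("bad magic: not a PVK file")
    blob = data[24 + salt_len:24 + salt_len + key_len]
    if len(blob) != key_len or key_len < 20:
        raise ValueError("truncated PVK key blob")
    name = KEY_TYPES.get(key_type, str(key_type))
    if encrypted:  # key material is password-protected, modulus unreadable
        return name, True, None
    # 8-byte BLOBHEADER, then RSAPUBKEY: "RSA2", bit length, public exponent
    rsa_magic, bit_len, _ = struct.unpack_from("<4sII", blob, 8)
    modulus_le = blob[20:20 + bit_len // 8]
    if rsa_magic != b"RSA2" or len(modulus_le) != bit_len // 8:
        raise ValueError("not an RSA private key blob")
    return name, False, modulus_le[::-1]  # CryptoAPI stores little-endian

def cer_to_der(data):
    """Accept a .cer in DER or base64/PEM form and return DER bytes."""
    if data[:1] == b"\x30":  # DER SEQUENCE tag
        return data
    lines = [l for l in data.splitlines() if not l.startswith(b"-----")]
    return base64.b64decode(b"".join(lines))

def pvk_matches_cer(pvk_bytes, cer_bytes):
    """True if the PVK modulus occurs in the certificate's encoding."""
    _, encrypted, modulus = parse_pvk(pvk_bytes)
    if encrypted:
        raise ValueError("PVK is password-protected; decrypt it first")
    return modulus in cer_to_der(cer_bytes)

def make_sample_pvk(modulus_be, encrypted=0):
    """Constructed sample input: PVK framing around a made-up modulus."""
    n = len(modulus_be)
    blob = struct.pack("<BBHI", 7, 2, 0, 0xA400)  # PRIVATEKEYBLOB, CALG_RSA_KEYX
    blob += struct.pack("<4sII", b"RSA2", n * 8, 65537) + modulus_be[::-1]
    blob += bytes(n // 2 * 5 + n)  # zero placeholders for the private parts
    return struct.pack("<6I", PVK_MAGIC, 0, 1, encrypted, 0, len(blob)) + blob
```

A result of False from pvk_matches_cer means the two files carry different key pairs, so no association call can make the certificate usable with that key.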

by Scott Griggs [scottmgriggs at comcast dot net]
posted on 2004/08/11

I've just had Microsoft Certificate Services generate a certificate and a corresponding .pvk file, and I still have the same problem.

by Scott Griggs [scottmgriggs at comcast dot net]
posted on 2004/08/12

When importing a certificate for use in IIS, it doesn't seem to need a certificate that has a private key or a .pvk file. Is it just generating new keys for encryption? Can the Security library do something similar?

Scott

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2004/08/17

We've made some changes to the AssociateWithPrivateKey method. Can you verify whether the change solves the problem you're seeing?

by vijay
posted on 2005/06/16

Hi,

Has anybody solved this issue? I am trying the same with the newest build, and am running into the same issues.

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/