by Jean Milne [jeanangeo at yahoo dot com] posted on 2009/12/16
I am attempting to use the X509CertificateGenerator to create a certificate to replace one created by the following commands:
makecert -sv CERTNAME.pvk -n "CN=SUBJECTNAME" CERTNAME.cer -sky exchange
cert2spc CERTNAME.cer CERTNAME.spc
pvk2pfx -pvk CERTNAME.pvk -spc CERTNAME.spc -pfx CERTNAME.pfx
My code is:
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
// issuerName: a distinguished-name string such as "CN=SUBJECTNAME" (declared elsewhere in the poster's code)
RSACryptoServiceProvider provider = new RSACryptoServiceProvider();   // new RSA key pair for the certificate
CertificateSettings settings = new CertificateSettings();
settings.StartDate = DateTime.Now;
settings.EndDate = DateTime.Now.AddDays(2);                           // two-day validity
X509Certificate certificate = X509CertificateGenerator.Create(provider, issuerName, settings);
However, the resulting certificate is different in 3 ways:
Firstly, the issuer name in the code-generated certificate is the same as the subject name (whereas the issuer name in the batch-file-generated certificate is "CN=Root Agency"). When you export the batch-file-generated certificate to a .cer file and view it, you can see the Root Authority in the path. The code-generated certificate, when exported to .cer, has no Root Agency.
Secondly, the password in the code-generated certificate is NULL whereas the password in the batch-file-generated certificate is "". Therefore, the batch-file-generated certificate has to be loaded using the call:
X509Certificate2 certificate = new X509Certificate2(fullPath, string.Empty);
whereas the code-generated certificate has to be loaded using the call:
X509Certificate2 certificate = new X509Certificate2(fullPath);
Thirdly, the certificate doesn't actually work. Any WCF service call fails. An error is entered into the server WCF logs:
System.ComponentModel.Win32Exception: The credentials supplied to the package were not recognized
   at System.IdentityModel.SspiWrapper.AcquireCredentialsHandle(String package, CredentialUse intent, SecureCredential scc)
   at System.ServiceModel.Security.TlsSspiNegotiation.AcquireServerCredentials()
   at System.ServiceModel.Security.TlsSspiNegotiation..ctor(String destination, Boolean isServer, SchProtocols protocolFlags, X509Certificate2 serverCertificate, X509Certificate2 clientCertificate, Boolean clientCertRequired)
   at System.ServiceModel.Security.TlsnegoTokenAuthenticator.CreateSspiState(Byte[] incomingBlob, String incomingValueTypeUri)
   at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, SspiNegotiationTokenAuthenticatorState& negotiationState)
   at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.ProcessRequestCore(Message request)
   at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.NegotiationHost.NegotiationSyncInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
Can anyone help me to understand why I'm getting the differences?
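The following is an added example, not code from the post above and not part of the X509CertificateGenerator library it uses. It reproduces in managed code what the makecert / pvk2pfx sequence in the post produces: a separate root certificate ("CN=Root Agency") that issues the server certificate, so that Issuer and Subject differ and the root shows up in the certification path, with the private key round-tripped through a PFX blob. It assumes .NET Core 2.0 or later (or .NET Framework 4.7.2 or later) for System.Security.Cryptography.X509Certificates.CertificateRequest, which did not exist in 2009; the names, validity periods and the PFX password are assumed values chosen for the illustration.

```csharp
// Added example (not the original poster's code, not the X509CertificateGenerator library).
// Assumes .NET Core 2.0+ / .NET Framework 4.7.2+ for CertificateRequest.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class IssuedCertDemo
{
    // Self-signed CA certificate that is allowed to sign other certificates.
    // CertificateRequest.Create refuses an issuer without BasicConstraints CA:TRUE.
    static X509Certificate2 CreateRoot(string name)
    {
        RSA key = RSA.Create(2048);
        var req = new CertificateRequest(name, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(10));
    }

    // End-entity certificate signed by the root: the counterpart of makecert's default
    // "Root Agency" issuer. Returned as a PFX-backed X509Certificate2 with its private key.
    static X509Certificate2 IssueServerCert(X509Certificate2 root, string subject, string pfxPassword)
    {
        RSA serverKey = RSA.Create(2048);
        var req = new CertificateRequest(subject, serverKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, false));
        // Server Authentication EKU (1.3.6.1.5.5.7.3.1): what a TLS server credential is expected to carry.
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));

        // Random positive, non-zero serial number (high bit clear so the DER INTEGER stays positive).
        byte[] serial = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(serial);
        serial[0] = (byte)((serial[0] & 0x7F) | 0x40);

        X509Certificate2 issued = req.Create(root,
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1), serial);

        // Create() returns the public certificate only. Attach the key, then export/import
        // as PKCS#12 so the key is stored the way a pvk2pfx-produced PFX would store it.
        byte[] pfx = issued.CopyWithPrivateKey(serverKey).Export(X509ContentType.Pfx, pfxPassword);
        return new X509Certificate2(pfx, pfxPassword, X509KeyStorageFlags.Exportable);
    }

    // Prints the three things the post compares: issuer vs. subject, private key presence,
    // and the certification path (built with the root supplied as an extra, untrusted anchor).
    static void Report(string label, X509Certificate2 cert, X509Certificate2 root)
    {
        Console.WriteLine("== " + label);
        Console.WriteLine("Subject:       " + cert.Subject);
        Console.WriteLine("Issuer:        " + cert.Issuer);
        Console.WriteLine("Self-signed:   " + (cert.Subject == cert.Issuer));
        Console.WriteLine("HasPrivateKey: " + cert.HasPrivateKey);

        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        chain.ChainPolicy.ExtraStore.Add(root);
        chain.Build(cert);
        foreach (X509ChainElement element in chain.ChainElements)
            Console.WriteLine("  path: " + element.Certificate.Subject);
    }

    static void Main()
    {
        const string pfxPassword = "changeit";   // assumed value for the illustration
        X509Certificate2 root = CreateRoot("CN=Root Agency");
        X509Certificate2 server = IssueServerCert(root, "CN=SUBJECTNAME", pfxPassword);
        Report("issued by a separate root", server, root);
    }
}
```

Two caveats worth keeping in mind when comparing output like this against the two certificates in the post. PKCS#12 treats a null password and an empty-string password as different inputs to its key derivation, which is why a PFX written with "" must be opened with string.Empty rather than with the single-argument constructor. And the Schannel error quoted above ("The credentials supplied to the package were not recognized") is raised by AcquireCredentialsHandle before any TLS traffic is exchanged, so the first thing to confirm for a server certificate is that HasPrivateKey is true and the key is reachable from the process that hosts the service, not merely that the certificate itself parses.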