Forums -> Security Tools for .NET 2.0 Forum
 
X509CertificateGenerator

by Jean Milne [jeanangeo at yahoo dot com]
posted on 2009/12/16

I am attempting to use the X509CertificateGenerator to create a certificate to replace one created by the following commands:

makecert -sv CERTNAME.pvk -n "CN=SUBJECTNAME" CERTNAME.cer -sky exchange
cert2spc CERTNAME.cer CERTNAME.spc
pvk2pfx -pvk CERTNAME.pvk -spc CERTNAME.spc -pfx CERTNAME.pfx

My code is:

RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
CertificateSettings settings = new CertificateSettings();
settings.StartDate = DateTime.Now;
settings.EndDate = DateTime.Now.AddDays(2);
X509Certificate certificate = X509CertificateGenerator.Create(provider, issuerName, settings);

However, the resulting certificate is different in 3 ways:

Firstly, the issuer name in the code-generated certificate is the same as the subject name (whereas the issuer name in the batch-file-generated certificate is "CN=Root Agency"). When you export the batch-file-generated certificate to a .cer file and view it, you can see the Root Authority in the path. The code-generated certificate, when exported to .cer, has no Root Agency.

Secondly, the password in the code-generated certificate is NULL whereas the password in the batch-file-generated certificate is "". Therefore, the batch-file-generated certificate has to be loaded using the call:

X509Certificate2 certificate = new X509Certificate2(fullPath, string.Empty);

whereas the code-generated certificate has to be loaded using the call:

X509Certificate2 certificate = new X509Certificate2(fullPath);

Thirdly, the certificate doesn't actually work. Any WCF service call fails. An error is entered into the server WCF logs:

System.ComponentModel.Win32Exception: The credentials supplied to the package were not recognized
   at System.IdentityModel.SspiWrapper.AcquireCredentialsHandle(String package, CredentialUse intent, SecureCredential scc)
   at System.ServiceModel.Security.TlsSspiNegotiation.AcquireServerCredentials()
   at System.ServiceModel.Security.TlsSspiNegotiation..ctor(String destination, Boolean isServer, SchProtocols protocolFlags, X509Certificate2 serverCertificate, X509Certificate2 clientCertificate, Boolean clientCertRequired)
   at System.ServiceModel.Security.TlsnegoTokenAuthenticator.CreateSspiState(Byte[] incomingBlob, String incomingValueTypeUri)
   at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, SspiNegotiationTokenAuthenticatorState& negotiationState)
   at System.ServiceModel.Security.NegotiationTokenAuthenticator1.ProcessRequestCore(Message request)
   at System.ServiceModel.Security.NegotiationTokenAuthenticator1.NegotiationHost.NegotiationSyncInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)

Can anyone help me to understand why I'm getting the differences?
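
An added diagnostic example, not part of the original post and not code from the Mentalis library: for each PFX path passed on the command line it prints the properties the post compares (subject versus issuer, and which password form loads the file), plus whether a private key is attached and its key number, the setting the makecert command above chose with -sky exchange. The class and method names are hypothetical, and it assumes .NET Framework on Windows with CSP-backed RSA keys.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxCompare   // hypothetical helper, not from the original post
{
    // Try the constructor without a password first, then with the empty
    // string, and report which of the two forms opened the file.
    static X509Certificate2 Load(string path, out string how)
    {
        try
        {
            how = "no password argument";
            return new X509Certificate2(path);
        }
        catch (CryptographicException)
        {
            how = "string.Empty";
            return new X509Certificate2(path, string.Empty);
        }
    }

    static void Describe(string path)
    {
        string how;
        X509Certificate2 cert = Load(path, out how);
        Console.WriteLine(path + " (loaded with " + how + ")");
        Console.WriteLine("  Subject:       " + cert.Subject);
        Console.WriteLine("  Issuer:        " + cert.Issuer);
        Console.WriteLine("  Subject==Issuer: " + (cert.Subject == cert.Issuer));
        Console.WriteLine("  HasPrivateKey: " + cert.HasPrivateKey);

        // For CSP-backed RSA keys, KeyNumber is Exchange or Signature.
        RSACryptoServiceProvider rsa =
            cert.HasPrivateKey ? cert.PrivateKey as RSACryptoServiceProvider : null;
        if (rsa != null)
            Console.WriteLine("  KeyNumber:     " + rsa.CspKeyContainerInfo.KeyNumber);
        else
            Console.WriteLine("  KeyNumber:     (no CSP RSA private key available)");
    }

    static void Main(string[] args)
    {
        // Usage: PfxCompare.exe CERTNAME.pfx <code-generated>.pfx
        foreach (string path in args)
            Describe(path);
    }
}
```

Running it against both files puts the three reported differences side by side with the key properties of each certificate.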

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/