|
Forums -> Security Library Forum
Unable to import the PFX file! [error code = -2146893802] |
|
|
by Harmeet Bedi posted on 2003/11/08 |
|
Not able to read PFX file.
Here is what I am trying to do
CertificateStore.CreateFromPfxFile(file, password);
Where PFX file is server.pfx shipped with distribution and password is 'test' from WebServer Sample.
Any hints would be very appreciated.
I can read the PFX file in windows by double clicking and my IE 6 has Cipher Strength 128, so it may not be an export level security issue on my machine.
thanks,
Harmeet |
by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/11/08 |
|
Can you post the code you're using?
What version of Windows are you using?
Have you tried manually specifying a keyset location? [look for the CreateFromPfxFile overload with a KeysetLocation parameter]?
Are you running your code in an ASP.NET program or a normal desktop application? |
by Harmeet Bedi [harmeet at kodemuse dot com] posted on 2003/11/08 |
|
I am running Windows 2000. Service pack 4.
Specified the keyset manually in a command line program with this snippet.
KeysetLocation[] loc = new KeysetLocation[]
{ KeysetLocation.CurrentUser
, KeysetLocation.Default
, KeysetLocation.LocalMachine };
CertificateStore cs = null;
foreach ( KeysetLocation kl in loc )
{
if ( cs != null )
break;
try
{
cs = CertificateStore.CreateFromPfxFile
(file, password,false,kl);
}
catch(Exception ex)
{
Console.WriteLine(kl+": "+ex.ToString());
}
}
Did not work. Omitting the stack trace here is what I got.
------
CurrentUser: Org.Mentalis.Security.Certificates.CertificateException:
Unable to import the PFX file! [error code = -2146893802]
Default: Org.Mentalis.Security.Certificates.CertificateException:
Unable to import the PFX file! [error code = -2146893802]
LocalMachine: Org.Mentalis.Security.Certificates.CertificateException:
Unable to import the PFX file! [error code = -2146893792]
------
I tried with both 1.0 and the latest 1.0b software version.
Looking at the code, it appears you are calling 'PFXImportCertStore' in crypt32.dll.
I am too familar how windows security works. I have a PKCS12 file that I want to use as a keystore. PKCS12 has certificate chain and private key in it. So I am not sure why I need the dwFlags parameter. Do I need to crack open my PKCS12 file and store public/private keys somewhere ?
thanks,
Harmeet
|
by Harmeet Bedi [harmeet at kodemuse dot com] posted on 2003/11/08 |
|
It appears to work ok now.
I keep IPSec and IIS Admin service disabled.
I turned on IPSec and IIS Admin Service. It worked after that.
Turned off both these services and it still worked.
It may be that IPSec service loads a crypto provider. I don't know enough about MS Security setup, so can only guess.
Got some hints from
http://support.microsoft.com/default.aspx?kbid=313494
thanks for all the help.
|
by Angel Todorov [atodorov at acm dot org] posted on 2003/11/09 |
|
Hello, since you are using it with IIS, just in case, i can tell you about another typical problem that occurs: PRB: "CSP for This Implementation Could Not Be Acquired" CryptographicException Error During Instantiation
You can find solution on:
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q322/3/71.asp&NoWebContent=1 |
|
|