Forums -> Security Tools for .NET 2.0 Forum


by Jean Milne [jeanangeo at yahoo dot com]
posted on 2009/12/16

I am attempting to use the X509CertificateGenerator to create a certificate to replace one created by the following commands:

makecert -sv CERTNAME.pvk -n "CN=SUBJECTNAME" CERTNAME.cer -sky exchange
cert2spc CERTNAME.cer CERTNAME.spc
pvk2pfx -pvk CERTNAME.pvk -spc CERTNAME.spc -pfx CERTNAME.pfx

My code is:

RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
CertificateSettings settings = new CertificateSettings();
settings.StartDate = DateTime.Now;
settings.EndDate = DateTime.Now.AddDays(2);
X509Certificate certificate = X509CertificateGenerator.Create(provider, issuerName, settings);

However, the resulting certificate is different in 3 ways:

Firstly, the issuer name in the code-generated certificate is the same as the subject name (whereas the issuer name in the batch-file-generated certificate is "CN=Root Agency"). When you export the batch-file-generated certificate to a .cer file and view it, you can see the Root Authority in the path. The code-generated certificate, when exported to .cer, has no Root Agency.

Secondly, the password in the code-generated certificate is NULL whereas the password in the batch-file-generated certificate is "". Therefore, the batch-file-generated certificate has to be loaded using the call:

X509Certificate2 certificate = new X509Certificate2(fullPath, string.Empty);

whereas the code-generated certificate has to be loaded using the call:

X509Certificate2 certificate = new X509Certificate2(fullPath);

Thirdly, the certificate doesn't actually work. Any WCF service call fails. An error is entered into the server WCF logs:

System.ComponentModel.Win32Exception: The credentials supplied to the package were not recognized
   at System.IdentityModel.SspiWrapper.AcquireCredentialsHandle(String package, CredentialUse intent, SecureCredential scc)
   at System.ServiceModel.Security.TlsSspiNegotiation.AcquireServerCredentials()
   at System.ServiceModel.Security.TlsSspiNegotiation..ctor(String destination, Boolean isServer, SchProtocols protocolFlags, X509Certificate2 serverCertificate, X509Certificate2 clientCertificate, Boolean clientCertRequired)
   at System.ServiceModel.Security.TlsnegoTokenAuthenticator.CreateSspiState(Byte[] incomingBlob, String incomingValueTypeUri)
   at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, SspiNegotiationTokenAuthenticatorState& negotiationState)
   at System.ServiceModel.Security.NegotiationTokenAuthenticator1.ProcessRequestCore(Message request)
   at System.ServiceModel.Security.NegotiationTokenAuthenticator1.NegotiationHost.NegotiationSyncInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)

Can anyone help me to understand why I'm getting the differences?
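
A diagnostic for comparing the two .pfx files on the points raised in the post above (issuer versus subject, which password form loads, and whether a private key is attached), plus the key number that the makecert command sets with -sky exchange. This is an added example, not code from the post or from the Security Tools library; the class name PfxCheck is hypothetical, and it assumes .NET Framework on Windows with a CSP-backed RSA key.

```csharp
// Added diagnostic (not the poster's code). Assumes .NET Framework on Windows.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxCheck   // hypothetical name
{
    // Try the empty-string password first, then no password, as in the post.
    static X509Certificate2 Load(string path)
    {
        try { return new X509Certificate2(path, string.Empty); }
        catch (CryptographicException)
        {
            Console.WriteLine("Empty-string password rejected; loading with no password.");
            return new X509Certificate2(path);
        }
    }

    static void Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: PfxCheck <file.pfx>"); return; }
        X509Certificate2 cert = Load(args[0]);

        Console.WriteLine("Subject:       " + cert.Subject);
        Console.WriteLine("Issuer:        " + cert.Issuer);
        Console.WriteLine("Self-signed:   " + (cert.Subject == cert.Issuer));
        Console.WriteLine("Validity:      " + cert.NotBefore + " to " + cert.NotAfter);
        Console.WriteLine("Private key:   " + cert.HasPrivateKey);
        if (!cert.HasPrivateKey) return;

        // Only CSP-backed RSA keys expose container details this way.
        RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
        if (rsa == null) { Console.WriteLine("Private key is not a CSP-backed RSA key."); return; }

        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        Console.WriteLine("Key number:    " + info.KeyNumber);      // Exchange or Signature
        Console.WriteLine("Provider:      " + info.ProviderName);
        Console.WriteLine("Container:     " + info.KeyContainerName);
        Console.WriteLine("Machine store: " + info.MachineKeyStore);
    }
}
```

Run it once against each .pfx and compare the output line by line.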

