Re: Client Certificate not reaching server
From: ek03 (ek03_at_discussions.microsoft.com)
Date: Wed, 20 Oct 2004 04:15:06 -0700
What store will be searched for the private key? I am having the same issue
-- i.e. adding the clientCertificate to the request object but it is not
being sent in the actual request. I do have a private key installed. The
certificate is in the Local Computer/Personal store on the client machine.
"Joe Kaplan (MVP - ADSI)" wrote:
> What happens is that when you attach the client certificate to your request,
> the underlying code will try to find the private key for that certificate in
> a key store on your machine. If it finds the key, then it can do client
> certificate authentication. If it can't then client certificate
> authentication doesn't work.
> This is what you are seeing. You are adding a certificate to the request
> but don't have the private key, so the client code fails to find it and
> doesn't try to do client certificate authentication with the server. Thus
> the server doesn't see a client certificate from the request.
> When you think about this, it makes sense. If a client certificate can be
> used for authentication, then it would make sense that you would need to
> have the private key to prove that certificate is yours. The certificate is
> public data, so it can't be used to prove your identity by itself.
> The larger question I have is if you need to just use SSL with the server
> certificate or if they really want you to do client authentication. Is the
> cert they gave you for your client or for the server?
> Joe K.
> "NRao" <NRao@discussions.microsoft.com> wrote in message
> > Joe,
> > Thank you very much. you explained it very well. But still have doubt. If
> > you can explain this that really helps me lot.
> > I have added certificate from file as bellow. When I see the webReq object
> > in quickwatch it shows valid certificate.
> > X509Certificate clientCertificate =
> > X509Certificate.CreateFromCertFile(CERT);
> > webReq.ClientCertificates.Add( clientCertificate );
> > Then I sent the request. On server I look at the
> > Request.ClientCertificates.
> > There is no certificate. My question is even it is invalid certificate it
> > should be present on the server. Right? What happened to the certificate I
> > attached. Request ignored that?
> > "NRao" wrote:
> >> Hello Everbody,
> >> I have a class lib which is accessing a .aspx on web through
> >> httpwebrequest
> >> and sending xml through post method. Server people provided me a .cer
> >> file. I
> >> am adding that certificate file to httpwebrequest. But their side they do
> >> not
> >> find the certificate. I tried following ways
> >> 1) Convert the .cer file into binary
> >> 2) Imported the .cer file into Certificate store(localcomputer/current
> >> user)
> >> and exported the certificate into DER format .cer file and tried
> >> CreateFromCertFile() method.
> >> Can anybody please point right way
> >> Also I have few questions.
> >> 1) what preventing the certificate to reach server?
> >> 2)I added the certificate to httpwebrequest and sent to my test site and
> >> there I checked Request.ClientCertificate.IsPresent. But I always get
> >> false.
> >> Why So? Even if it is not valid certificate should present. right?