Re: Client Certificate not reaching server
From: splap (splap20_at_gmail.com)
Date: 12/16/04
Date: 15 Dec 2004 15:27:18 -0800
I have the same issue. My client cert is installed in the Local
Machine's personal store and when I attach my .cer file (containing
public key) the web request is failing to find the private key in the
cert store. I have tried impersonating a custom 'asp user' who had the
cert in their personal store too. No luck.
ek03 wrote:
> The certificate is in the machine store - //machine-name/Personal...
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
> > Personal stores go by user account, so you need to make sure that the
> > certificate is stored in the personal store of the identity that will be
> > running the code. You can also use the machine store to place the keys,
> > which might work better in your situation.
> >
> > Joe K.
> >
> > "ek03" <ek03@discussions.microsoft.com> wrote in message
> > news:9F310CFD-375D-4C27-B6B4-90DE6D0E6074@microsoft.com...
> > > What store will be searched for the private key? I am having the same
> > > issue -- i.e. adding the clientCertificate to the request object but it
> > > is not being sent in the actual request. I do have a private key
> > > installed. The certificate is in the Local Computer/Personal store on
> > > the client machine.
> > >
> > > Thanks.
> > >
> > > "Joe Kaplan (MVP - ADSI)" wrote:
> > >
> > >> What happens is that when you attach the client certificate to your
> > >> request, the underlying code will try to find the private key for that
> > >> certificate in a key store on your machine. If it finds the key, then
> > >> it can do client certificate authentication. If it can't then client
> > >> certificate authentication doesn't work.
> > >>
> > >> This is what you are seeing. You are adding a certificate to the
> > >> request but don't have the private key, so the client code fails to
> > >> find it and doesn't try to do client certificate authentication with
> > >> the server. Thus the server doesn't see a client certificate from the
> > >> request.
> > >>
> > >> When you think about this, it makes sense. If a client certificate can
> > >> be used for authentication, then it would make sense that you would
> > >> need to have the private key to prove that certificate is yours. The
> > >> certificate is public data, so it can't be used to prove your identity
> > >> by itself.
> > >>
> > >> The larger question I have is if you need to just use SSL with the
> > >> server certificate or if they really want you to do client
> > >> authentication. Is the cert they gave you for your client or for the
> > >> server?
> > >>
> > >> Joe K.
> > >>
> > >> "NRao" <NRao@discussions.microsoft.com> wrote in message
> > >> news:0315A66B-CFA7-481C-AD9F-044A3DD4A3FD@microsoft.com...
> > >> > Joe,
> > >> >
> > >> > Thank you very much. You explained it very well. But still have
> > >> > doubt. If you can explain this that really helps me lot.
> > >> >
> > >> > I have added certificate from file as below. When I see the webReq
> > >> > object in quickwatch it shows valid certificate.
> > >> >
> > >> > X509Certificate clientCertificate = X509Certificate.CreateFromCertFile(CERT);
> > >> > webReq.ClientCertificates.Add( clientCertificate );
> > >> >
> > >> > Then I sent the request. On server I look at the
> > >> > Request.ClientCertificates. There is no certificate. My question is
> > >> > even it is invalid certificate it should be present on the server.
> > >> > Right? What happened to the certificate I attached. Request ignored
> > >> > that?
> > >> >
> > >> > "NRao" wrote:
> > >> >
> > >> >> Hello Everybody,
> > >> >>
> > >> >> I have a class lib which is accessing a .aspx on web through
> > >> >> httpwebrequest and sending xml through post method. Server people
> > >> >> provided me a .cer file. I am adding that certificate file to
> > >> >> httpwebrequest. But their side they do not find the certificate.
> > >> >> I tried following ways
> > >> >>
> > >> >> 1) Convert the .cer file into binary
> > >> >>
> > >> >> 2) Imported the .cer file into Certificate
> > >> >> store(localcomputer/current user) and exported the certificate into
> > >> >> DER format .cer file and tried CreateFromCertFile() method.
> > >> >>
> > >> >> Can anybody please point right way
> > >> >>
> > >> >> Also I have few questions.
> > >> >> 1) what preventing the certificate to reach server?
> > >> >> 2) I added the certificate to httpwebrequest and sent to my test
> > >> >> site and there I checked Request.ClientCertificate.IsPresent. But I
> > >> >> always get false. Why So? Even if it is not valid certificate
> > >> >> should present. right?
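
The private-key lookup discussed in this thread, as an added example that is not part of any poster's message: it loads the certificate from the CurrentUser and LocalMachine personal stores rather than from a .cer file, and checks that the running identity can actually sign with the key before attaching the certificate to the request. It assumes .NET Framework 4.6 or later on Windows and an RSA key; the class and method names are hypothetical, and the thumbprint and URL are arguments supplied by the operator.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck   // hypothetical name, illustration only
{
    // True only if the current identity can really sign with the key.
    static bool CanUsePrivateKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return false;        // e.g. imported from a bare .cer
        try
        {
            using (RSA rsa = cert.GetRSAPrivateKey()) // null when the key is not RSA
            {
                if (rsa == null) return false;
                rsa.SignData(new byte[] { 0 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                return true;
            }
        }
        catch (CryptographicException) { return false; } // key missing or not readable by this identity
    }

    static X509Certificate2 Find(StoreLocation location, string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, location))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // validOnly: false, so an expired or untrusted certificate is still reported
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            return hits.Count > 0 ? hits[0] : null;
        }
    }

    static void Main(string[] args)
    {
        string thumbprint = args[0], url = args[1];   // operator-supplied values
        Console.WriteLine("Running as {0}", Environment.UserName);
        foreach (var location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            X509Certificate2 cert = Find(location, thumbprint);
            if (cert == null) { Console.WriteLine("{0}: not found", location); continue; }
            bool usable = CanUsePrivateKey(cert);
            Console.WriteLine("{0}: HasPrivateKey={1} usable={2}", location, cert.HasPrivateKey, usable);
            if (!usable) continue;
            var req = (HttpWebRequest)WebRequest.Create(url);
            req.ClientCertificates.Add(cert);         // certificate object that carries its key
            using (var resp = (HttpWebResponse)req.GetResponse())
                Console.WriteLine("HTTP {0}", (int)resp.StatusCode);
            return;
        }
    }
}
```

Run it under the same account as the failing code; a store entry that reports `HasPrivateKey=True` but `usable=False` is one where the key exists but that account cannot use it.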