|
|
You're in the
dotnet web services enhancements
group:Private key not available for X.509 certificate under W2000
dotnet web services enhancements:
I am having difficulty running a WSE 2.0 enabled Web Service under Windows 2000. I can run the same web service using X.509 certificates for authentication and encryption when the web service is on a Windows 2003 Server (Enterprise Edition) and the caller is on my Windows 2000 machine. But when the Web Service is on the same Windows 2000 machine I get the following returned from the web service call: Message "System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.InvalidOperationException: Private Key is not available\n at Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] ciphertext, Boolean useOAEP)\n at Microsoft.Web.Services2.Security.Cryptography.RSA15KeyExchangeFormatter.DecryptKey(Byte[] cipherKey)\n at Microsoft.Web.Services2.Security.EncryptedKey.Decrypt()\n at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)\n at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope)\n at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)\n at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)\n --- End of inner exception stack trace ---" string I have been looking around Google Groups and have found a few people talking about there being difficulties in getting this to work on Windows 2000 and storing certificates under the "Other People" branch of the certificate store. In which certificate store does a WSE 2 web service look for a private certificate key? Is it looking in "Other people"? Can I change this? I am using VS.NET 2003 (C#). Is something just not supported under Windows 2000?
Hi Diego,
The exception below suggests that the correct certificate was found, however, there were not enough permissions given to access the private key file of the certificate. The private key is used to very the signature. Have you give private key permissions to your certificate? You can do this by using the WSE Certificate tool, clicking on the Private Key properties and then adding the "Users" group to the ACL's of the file. In general, when verifying signature or decrypting on the server side, the LocalMachine/Personal store is used in order to retrieve the certificate. This is the default store unless it is explicitly specified as something else in the configuration file. Let me know if this helps Sidd [MSFT] [quoted text, click to view] "Diego Barros" <db@somewhere.com> wrote in message news:%23OPjMKjdFHA.3040@TK2MSFTNGP14.phx.gbl... > Hi all, > > I am having difficulty running a WSE 2.0 enabled Web Service under Windows > 2000. I can run the same web service using X.509 certificates for > authentication and encryption when the web service is on a Windows 2003 > Server (Enterprise Edition) and the caller is on my Windows 2000 machine. > > But when the Web Service is on the same Windows 2000 machine I get the > following returned from the web service call: > > Message "System.Web.Services.Protocols.SoapHeaderException: Server > unavailable, please try later ---> System.InvalidOperationException: > Private Key is not available\n at > Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] > ciphertext, Boolean useOAEP)\n at > Microsoft.Web.Services2.Security.Cryptography.RSA15KeyExchangeFormatter.DecryptKey(Byte[] > cipherKey)\n at > Microsoft.Web.Services2.Security.EncryptedKey.Decrypt()\n at > Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)\n > at > Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope > envelope)\n at > Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope > envelope)\n at > Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage > message)\n --- End of inner exception stack trace ---" string > > > I have been looking around Google Groups and have found a few people > talking about there being difficulties in getting this to work on Windows > 2000 and storing certificates under the "Other People" branch of the > certificate store. > > In which certificate store does a WSE 2 web service look for a private > certificate key? Is it looking in "Other people"? Can I change this? I am > using VS.NET 2003 (C#). Is something just not supported under Windows > 2000? > > Any help would be greatly appreciated?
One thing to note: in the Hands on Labs, the instructions say to tive the
ASPNET account access to teh server certificate. I am developing as a non-admin, not using IIS but the file based server and this did not work. For TESTING and DEVELOPMENT purposes, I gave my login account access to the server certificate (in local machine/personal) instead. Julie [quoted text, click to view] "Sidd [MSFT]" <ElCid@hotmail.com> wrote in message news:evMCrj7dFHA.1384@TK2MSFTNGP09.phx.gbl... > Hi Diego, > > The exception below suggests that the correct certificate was found, > however, there were not enough permissions given to access the private key > file > of the certificate. The private key is used to very the signature. Have > you give private key permissions to your certificate? You can do this by > using the WSE Certificate tool, > clicking on the Private Key properties and then adding the "Users" group > to the ACL's of the file. > > In general, when verifying signature or decrypting on the server side, > the LocalMachine/Personal store is used in order to retrieve the > certificate. This is the default store unless it is explicitly specified > as something else in the configuration file. > > Let me know if this helps > > Sidd [MSFT] > > "Diego Barros" <db@somewhere.com> wrote in message > news:%23OPjMKjdFHA.3040@TK2MSFTNGP14.phx.gbl... >> Hi all, >> >> I am having difficulty running a WSE 2.0 enabled Web Service under >> Windows 2000. I can run the same web service using X.509 certificates for >> authentication and encryption when the web service is on a Windows 2003 >> Server (Enterprise Edition) and the caller is on my Windows 2000 machine. >> >> But when the Web Service is on the same Windows 2000 machine I get the >> following returned from the web service call: >> >> Message "System.Web.Services.Protocols.SoapHeaderException: Server >> unavailable, please try later ---> System.InvalidOperationException: >> Private Key is not available\n at >> Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] >> ciphertext, Boolean useOAEP)\n at >> Microsoft.Web.Services2.Security.Cryptography.RSA15KeyExchangeFormatter.DecryptKey(Byte[] >> cipherKey)\n at >> Microsoft.Web.Services2.Security.EncryptedKey.Decrypt()\n at >> Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)\n >> at >> Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope >> envelope)\n at >> Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope >> envelope)\n at >> Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage >> message)\n --- End of inner exception stack trace ---" string >> >> >> I have been looking around Google Groups and have found a few people >> talking about there being difficulties in getting this to work on Windows >> 2000 and storing certificates under the "Other People" branch of the >> certificate store. >> >> In which certificate store does a WSE 2 web service look for a private >> certificate key? Is it looking in "Other people"? Can I change this? I am >> using VS.NET 2003 (C#). Is something just not supported under Windows >> 2000? >> >> Any help would be greatly appreciated? > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |