|
|
You're in the
dotnet security
group:Programmatically Install Certificate into Windows Certificate Store
dotnet security:
requires a password when manually installing. This certificate was issued by a 3rd party company I need to communicate with via https. Initially I exported the PCKS #12 certificate to DER encoded binary X.509 certificate and used the following code to reference it in my application: // Create Certificate X509Certificate cert = X509Certificate.CreateFromCertFile(strCertPath); // Create request HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://serverurl/"); // Add Certficate req.ClientCertificates.Add(cert); This works great as long as the original PCKS #12 cert is installed in the Windows Certificate Store on the maching running the application. Rather than having to go around to each client's computer and manually installing this certificate on their machine so my application will run, I would like to programmatically search the certificate store for the PCKS #12 cert and, if it doesn't exist, install it on the fly. Could anyone help me with this task? I've heard of CAPICOM, but most of the references I've seen to it have either been relatively confusing or not addressing the task at hand. Thanks in advance for any help.
Hi Brad..
Better late than never. Is using the CLR 2.0 an option? It has a greatly expanded set of classes for doing what you described below and is a lot easier than using the Native Crypto API. Maybe I'm missing something, can't you rely on HTTPS to automatically fetch the public part of the certificate and automatically install it for you? Kryz Brad schreef: [quoted text, click to view] > I have a Personal Information Exchange PCKS #12 certificate file that
> requires a password when manually installing. This certificate was > issued by a 3rd party company I need to communicate with via https. > Initially I exported the PCKS #12 certificate to DER encoded binary > X.509 certificate and used the following code to reference it in my > application: > > // Create Certificate > X509Certificate cert = X509Certificate.CreateFromCertFile(strCertPath); > > // Create request > HttpWebRequest req = > (HttpWebRequest)WebRequest.Create("https://serverurl/"); > > // Add Certficate > req.ClientCertificates.Add(cert); > > This works great as long as the original PCKS #12 cert is installed in > the Windows Certificate Store on the maching running the application. > Rather than having to go around to each client's computer and manually > installing this certificate on their machine so my application will > run, I would like to programmatically search the certificate store for > the PCKS #12 cert and, if it doesn't exist, install it on the fly. > Could anyone help me with this task? I've heard of CAPICOM, but most > of the references I've seen to it have either been relatively confusing > or not addressing the task at hand. Thanks in advance for any help.
Hi Brad..
Better late than never. Is using the CLR 2.0 an option? It has a greatly expanded set of classes for doing what you described below and is a lot easier than using the Native Crypto API. Maybe I'm missing something, can't you rely on HTTPS to automatically fetch the public part of the certificate and automatically install it for you? Kryz Brad schreef: [quoted text, click to view] > I have a Personal Information Exchange PCKS #12 certificate file that
> requires a password when manually installing. This certificate was > issued by a 3rd party company I need to communicate with via https. > Initially I exported the PCKS #12 certificate to DER encoded binary > X.509 certificate and used the following code to reference it in my > application: > > // Create Certificate > X509Certificate cert = X509Certificate.CreateFromCertFile(strCertPath); > > // Create request > HttpWebRequest req = > (HttpWebRequest)WebRequest.Create("https://serverurl/"); > > // Add Certficate > req.ClientCertificates.Add(cert); > > This works great as long as the original PCKS #12 cert is installed in > the Windows Certificate Store on the maching running the application. > Rather than having to go around to each client's computer and manually > installing this certificate on their machine so my application will > run, I would like to programmatically search the certificate store for > the PCKS #12 cert and, if it doesn't exist, install it on the fly. > Could anyone help me with this task? I've heard of CAPICOM, but most > of the references I've seen to it have either been relatively confusing > or not addressing the task at hand. Thanks in advance for any help.
Kryz,
Thanks for the response, but no, I can't use 2.x yet. The company I work for has plans to migrate their apps to 2.0, but that will be a year in the making at least. I was able to get everything to work for a Windows form application, but now it's been moved to an N-tier system and it no longer works. Now I get a 403 Forbidden error using identical code. I'm not sure if the problem is that the ASP.NET user doesn't have access to the cert or what. I know it has access to the .cer file that I exported from the ..p12 file. I also know the original P12 certificate has been installed on the machine the business layer runs on. I get the same 403 error when I attempt to debug the app with everything running on my local machine. I've installed the certificates to the Personal and Trust Root stores for the "ASP.NET State Service" as well as for the "Local Machine" via the MMC. Any ideas what's up? [quoted text, click to view] kryzm@yahoo.com wrote:
> Hi Brad.. > > Better late than never. > > Is using the CLR 2.0 an option? It has a greatly expanded set of > classes for doing what you described below and is a lot easier than > using the Native Crypto API. Maybe I'm missing something, can't you > rely on HTTPS to automatically fetch the public part of the certificate > and automatically install it for you? > > Kryz > > > Brad schreef: > > > I have a Personal Information Exchange PCKS #12 certificate file that > > requires a password when manually installing. This certificate was > > issued by a 3rd party company I need to communicate with via https. > > Initially I exported the PCKS #12 certificate to DER encoded binary > > X.509 certificate and used the following code to reference it in my > > application: > > > > // Create Certificate > > X509Certificate cert = X509Certificate.CreateFromCertFile(strCertPath); > > > > // Create request > > HttpWebRequest req = > > (HttpWebRequest)WebRequest.Create("https://serverurl/"); > > > > // Add Certficate > > req.ClientCertificates.Add(cert); > > > > This works great as long as the original PCKS #12 cert is installed in > > the Windows Certificate Store on the maching running the application. > > Rather than having to go around to each client's computer and manually > > installing this certificate on their machine so my application will > > run, I would like to programmatically search the certificate store for > > the PCKS #12 cert and, if it doesn't exist, install it on the fly. > > Could anyone help me with this task? I've heard of CAPICOM, but most > > of the references I've seen to it have either been relatively confusing > > or not addressing the task at hand. Thanks in advance for any help.
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |