"Bala" <balaram_barange@persistent.co.in> wrote in message
news:OLhtQsTdIHA.3940@TK2MSFTNGP05.phx.gbl...
> HI All,
>
> We want to programmatically assign certificate on IIS server. We are able
> to
> assign the certificate, but the website does not work on https after the
> assignment. I think we are missing some step while programmatically
> assigning the
> certificate to IIS server?. We are doing the assignment of certificate
> using
> the Crypto API. There are four steps in this process:
>
> 1. Creating the certificate request.
>
> 2. Creating the certificate by certificate utility using this
> certificate request.
>
> 3. Assign the generated certificate to IIS server.
>
> 4. Enable SSL on the IIS server for the website.
>
>
> When we do these steps manually it works but when we do these
> programmatically (using CAPI) then it says "The SSL server credential's
> certificate does not have a private key information property".
>
>
> Here are the details what we tried to accomplished this task.
>
> 1) First we were just storing the final certificate generated by certman
> in
> the registry at Local Machine's personal store. But it displayed a
> certificate saying "The issuer of this certificate could not be found."
> Then so solve this, we inserted the "ca.crt" certificate in the
> LocalMachine's
> Root location. So now when we view the certificate it says "certificate is
> ok".
>
> But it still does not have the private key information, so the WebPages
> are
> not getting displayed using SSL.
>
>
> We did a lot of analysis on this issue, searched on internet, but did not
> get a proper solution.
>
> Here are some observations:
>
> 1) When the certificate is generated manually using IIS there is a field
> named "Subject Key Identifier" in the Details pane of the certificate.
> There
> is a key generated by this "Subject Key Identifier" name in the registry
> at
> the location
> HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\My\\Keys
> having
> value of the type REG_BINARY by the name Blob, which is the entry of the
> private key corresponding to the certificate. This entry is not been made
> when we try to add the certificate programmatically. We are currently
> trying
> out this.
>
> 2) The System Log shows the following error while installation:
> "The SSL server credential's certificate does not have a private key
> information property attached to it. This most often occurs when a
> certificate is backed up incorrectly and then later restored. This message
> can also indicate a certificate enrollment failure."
>
> Here is code to assigne the certificate
>
> Dim cert As New X509Certificate2(path + "certificate.crt") ' path is path
> to
> the cert folder.
>
> Dim store As New X509Store("My", StoreLocation.LocalMachine)
>
> store.Open(OpenFlags.ReadWrite)
>
> store.Add(cert)
>
> store.Close()
>
> 'X509Certificate2UI.DisplayCertificate(cert)
>
> 'Attach certificate to Website
>
> If (Not (cert) Is Nothing) Then
>
> Dim utils As Utilities = New Utilities
>
> Dim thumbprintBytes() As Byte =
> CType(utils.BinaryStringToByteArray(utils.HexToBinary(cert.Thumbprint)),
> Byte())
>
> Dim adminBaseClass As Windows.Services.Iis.Metabase.MSAdminBaseClass = New
> Windows.Services.Iis.Metabase.MSAdminBaseClass
>
> Dim metaDataPath As String = "/W3SVC/1"
>
> adminBaseClass.SetMetabaseData(SSL_CERT_HASH_ID, metaDataPath,
> thumbprintBytes)
>
> adminBaseClass.SetMetabaseData(SSL_STORE_NAME, metaDataPath, "My")
>
> End If
>
> So presently we are stuck on this issue, please let us know any one has
> any idea on this.
>
> Thanks and Regards,
>
> Balaram Barange
>
>