
Programmatically Install Certificate into Windows Certificate Store

Author
23 Jun 2006 7:59 PM
Brad
I have a Personal Information Exchange PKCS #12 certificate file that
requires a password when manually installing.  This certificate was
issued by a 3rd party company I need to communicate with via https.
Initially I exported the PKCS #12 certificate to DER encoded binary
X.509 certificate and used the following code to reference it in my
application:

// Create Certificate
X509Certificate cert = X509Certificate.CreateFromCertFile(strCertPath);

// Create request
HttpWebRequest req =
(HttpWebRequest)WebRequest.Create("https://serverurl/");

// Add Certificate
req.ClientCertificates.Add(cert);

This works great as long as the original PKCS #12 cert is installed in
the Windows Certificate Store on the machine running the application.
Rather than having to go around to each client's computer and manually
installing this certificate on their machine so my application will
run, I would like to programmatically search the certificate store for
the PKCS #12 cert and, if it doesn't exist, install it on the fly.
Could anyone help me with this task?  I've heard of CAPICOM, but most
of the references I've seen to it have either been relatively confusing
or not addressing the task at hand.  Thanks in advance for any help.

Author
11 Jul 2006 9:43 PM
kryzm
Hi Brad..

Better late than never.

Is using the CLR 2.0 an option? It has a greatly expanded set of
classes for doing what you described below and is a lot easier than
using the Native Crypto API. Maybe I'm missing something, can't you
rely on HTTPS to automatically fetch the public part of the certificate
and automatically install it for you?

Kryz


Brad wrote:

> I have a Personal Information Exchange PKCS #12 certificate file that
> requires a password when manually installing.  This certificate was
> issued by a 3rd party company I need to communicate with via https.
> Initially I exported the PKCS #12 certificate to DER encoded binary
> X.509 certificate and used the following code to reference it in my
> application:
>
> // Create Certificate
> X509Certificate cert = X509Certificate.CreateFromCertFile(strCertPath);
>
> // Create request
> HttpWebRequest req =
> (HttpWebRequest)WebRequest.Create("https://serverurl/");
>
> // Add Certificate
> req.ClientCertificates.Add(cert);
>
> This works great as long as the original PKCS #12 cert is installed in
> the Windows Certificate Store on the machine running the application.
> Rather than having to go around to each client's computer and manually
> installing this certificate on their machine so my application will
> run, I would like to programmatically search the certificate store for
> the PKCS #12 cert and, if it doesn't exist, install it on the fly.
> Could anyone help me with this task?  I've heard of CAPICOM, but most
> of the references I've seen to it have either been relatively confusing
> or not addressing the task at hand.  Thanks in advance for any help.
Author
31 Jul 2006 8:30 PM
Brad
Kryz,

Thanks for the response, but no, I can't use 2.x yet.  The company I
work for has plans to migrate their apps to 2.0, but that will be a
year in the making at least.

I was able to get everything to work for a Windows form application,
but now it's been moved to an N-tier system and it no longer works.
Now I get a 403 Forbidden error using identical code.  I'm not sure if
the problem is that the ASP.NET user doesn't have access to the cert or
what.  I know it has access to the .cer file that I exported from the
.p12 file.  I also know the original P12 certificate has been installed
on the machine the business layer runs on.  I get the same 403 error
when I attempt to debug the app with everything running on my local
machine.  I've installed the certificates to the Personal and Trust
Root stores for the "ASP.NET State Service" as well as for the "Local
Machine" via the MMC.  Any ideas what's up?


kr***@yahoo.com wrote:
> Hi Brad..
>
> Better late than never.
>
> Is using the CLR 2.0 an option? It has a greatly expanded set of
> classes for doing what you described below and is a lot easier than
> using the Native Crypto API. Maybe I'm missing something, can't you
> rely on HTTPS to automatically fetch the public part of the certificate
> and automatically install it for you?
>
> Kryz
>
>
> Brad wrote:
>
> > I have a Personal Information Exchange PKCS #12 certificate file that
> > requires a password when manually installing.  This certificate was
> > issued by a 3rd party company I need to communicate with via https.
> > Initially I exported the PKCS #12 certificate to DER encoded binary
> > X.509 certificate and used the following code to reference it in my
> > application:
> >
> > // Create Certificate
> > X509Certificate cert = X509Certificate.CreateFromCertFile(strCertPath);
> >
> > // Create request
> > HttpWebRequest req =
> > (HttpWebRequest)WebRequest.Create("https://serverurl/");
> >
> > // Add Certificate
> > req.ClientCertificates.Add(cert);
> >
> > This works great as long as the original PKCS #12 cert is installed in
> > the Windows Certificate Store on the machine running the application.
> > Rather than having to go around to each client's computer and manually
> > installing this certificate on their machine so my application will
> > run, I would like to programmatically search the certificate store for
> > the PKCS #12 cert and, if it doesn't exist, install it on the fly.
> > Could anyone help me with this task?  I've heard of CAPICOM, but most
> > of the references I've seen to it have either been relatively confusing
> > or not addressing the task at hand.  Thanks in advance for any help.
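
Added example, not part of any post in this thread: a sketch of the "search the store, install if missing" task from the first post, using the CLR 2.0 X509Store and X509Certificate2 classes that kryzm's reply alludes to, with a private-key check relevant to the service-account question in the last post. The class name ClientCertInstaller, the method EnsureInstalled and the environment variable CLIENT_PFX_PASSWORD are hypothetical; the choice of the LocalMachine\My store is an assumption.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class ClientCertInstaller   // hypothetical name
{
    // Returns the certificate (with private key) from LocalMachine\My,
    // importing it from the PKCS #12 file only when it is not already there.
    public static X509Certificate2 EnsureInstalled(string pfxPath, string pfxPassword)
    {
        // Probe load with default flags (no PersistKeySet), only to read the
        // thumbprint; Reset() releases the loaded certificate afterwards.
        X509Certificate2 probe = new X509Certificate2(pfxPath, pfxPassword);
        string thumbprint = probe.Thumbprint;
        probe.Reset();

        // Writing to the LocalMachine store requires administrative rights.
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
            {
                // MachineKeySet: key lives in the machine key store, not a user profile.
                // PersistKeySet: key stays on disk after this object is released.
                // Exportable is deliberately not set.
                X509Certificate2 cert = new X509Certificate2(pfxPath, pfxPassword,
                    X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
                store.Add(cert);
                found = store.Certificates.Find(
                    X509FindType.FindByThumbprint, thumbprint, false);
            }
            // A DER .cer export carries no private key; client authentication needs one.
            if (found.Count == 0 || !found[0].HasPrivateKey)
                throw new InvalidOperationException("No usable private key for " + thumbprint);
            return found[0];
        }
        finally { store.Close(); }
    }

    static void Main(string[] args)
    {
        // Assumptions: args[0] is the .p12 path; CLIENT_PFX_PASSWORD is a made-up variable name.
        string password = Environment.GetEnvironmentVariable("CLIENT_PFX_PASSWORD");
        X509Certificate2 c = EnsureInstalled(args[0], password);
        Console.WriteLine("{0} {1} HasPrivateKey={2}", c.Subject, c.Thumbprint, c.HasPrivateKey);
    }
}
```

The returned object can be passed to req.ClientCertificates.Add(...) in place of the certificate loaded from the .cer file. Whether the account running the business layer may read the machine key is a separate access-control setting on the key itself, which this code does not change.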