X.509 Certificate store - getting - creating certs

in the October issue of the MSDN Magazine. One of the things that the sample application "Picture Viewer" does is to attempt to get an X.509 Certificate from the Certificate Store.

<code>
using System.Security.Cryptography.X509Certificates;

private X509Certificate2 GetCertificate()
{
    // Open the current user's personal ("MY") store read-only.
    X509Store store = new X509Store(StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);

    // validOnly = false: certificates that fail chain validation are returned too.
    X509Certificate2Collection matches;
    matches = store.Certificates.Find(X509FindType.FindBySubjectName, "PictureView", false);
    return (matches.Count > 0) ? matches[0] : null;
}
</code>

I have this running on a brand new RC2 build of Vista and of course have no certificates. Therefore it finds no certificates. Couple of questions -

1) Can I put a Certificate on this machine or do I have to install it on a Server class machine?
2) How do I get / create an X.509 cert and install on a machine?

I have been looking into the CryptoAPI to get a better idea of what is trying to take place but have not yet answered the above questions. If anyone has information / resources that will help me gain a better understanding of security with regard to WCF / .Net 3.0 that they can point me at it will be greatly appreciated.

--
Thank you,
John

"John A" <i-code4food@newsgroups.nospam> wrote:
> 2) How do I get / create an X.509 cert and install on a machine?

I've been doing quite a bit of .Net 3.0 these days, and came across this same problem. I had a real need to be able to generate X.509 certificates in code.

After looking around for ages for code samples to do this, I gave up and did it myself. My solution isn't really pretty, but it does get the job done.

http://www.coversant.net/dotnetnuke/Default.aspx?tabid=88&EntryID=21

The code in there creates a self-signed X.509 Certificate, writes it to a file, then loads that file into an X509Certificate2 class. I'm essentially shelling out to MakeCert.exe for the certificate generation, as I couldn't figure out a good way to do this in purely managed code.
Note that the code to move this new certificate into a Certificate Store is really easy, as there are classes in the .Net framework that will do this.

--
Chris Mullins, MCSD.NET, MCPD:Enterprise
http://www.coversant.net/blogs/cmullins

Thanks Chris. When I run the following I get an error any ideas why?
C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin>makecert -r -pe -n "CN=TestUser" -ss my -sr currentuser -sky exchange .\TestUser.cer
Error: WriteFile failed => 0x5 (5)
Failed

--
Thank you,
John

Only the obvious thoughts:
1 - Are you running as an Administrator? If not, do you have rights to write to the directory?
2 - Is there already a "TestUser.cer" file in that directory?

You can probably eliminate a number of those flags - for instance, the default is the "CurrentUser" store, so you don't need "-sr currentuser". You could try playing with the flags and see if anything changes.

--
Chris Mullins

Yes I am Administrator.
I tried to create a cert with another name and received the same error. I also did a search of the entire hard drive and no .cer files to be found. I am running Windows Vista, not sure if that might make things different. I will play around with the flags later but right now I need to go to my paying job, I'll ask a co-worker there.

Thanks again for all your help.

--
Thank you,
John

Ah. Vista.
Try creating this certificate in your personal documents directory. IIRC, Vista has all sorts of prohibitions against file writes to Program Files directories from applications other than installers.

Simply being logged in as an administrator isn't enough to bypass this, although explicitly running the command prompt "Run as Administrator" may be sufficient.

--
Chris Mullins

Aha, that was it. I am new to Vista and therefore mostly unfamiliar with its vagaries.

--
Thank you,
John
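
Added example, not part of the thread or of the MSDN sample: the GetCertificate() method in the first post returns matches[0] from a FindBySubjectName search, which is a case-insensitive substring match, so a certificate whose subject merely contains "PictureView" can be returned. The sketch below filters the hits to an exact CN, a present private key and a current validity period. It assumes .NET Framework 4.7.2 or later (or .NET Core 2.0 or later) for CertificateRequest; FindExact, SelfSigned and the "PictureViewer Staging" subject are hypothetical names, and the two certificates are constructed in memory so no store is touched.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertLookup
{
    // FindBySubjectName is a case-insensitive substring match, so its hits are
    // filtered again: exact CN, private key present, inside the validity window.
    public static X509Certificate2 FindExact(X509Certificate2Collection certs, string cn)
    {
        DateTime now = DateTime.Now;
        var hits = certs.Find(X509FindType.FindBySubjectName, cn, false)
            .Cast<X509Certificate2>()
            .Where(c => c.GetNameInfo(X509NameType.SimpleName, false) == cn)
            .Where(c => c.HasPrivateKey && c.NotBefore <= now && now <= c.NotAfter)
            .ToList();
        if (hits.Count > 1)
            throw new InvalidOperationException("More than one usable certificate for CN=" + cn);
        return hits.Count == 1 ? hits[0] : null;
    }

    // Constructed test certificate, generated in memory (hypothetical helper).
    static X509Certificate2 SelfSigned(string subject)
    {
        RSA key = RSA.Create(2048); // left undisposed so the returned certificate keeps its key
        var req = new CertificateRequest(subject, key, HashAlgorithmName.SHA256,
                                         RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(30));
    }

    static void Main()
    {
        // Constructed sample; with a real store, pass store.Certificates instead.
        var certs = new X509Certificate2Collection();
        certs.Add(SelfSigned("CN=PictureView"));
        certs.Add(SelfSigned("CN=PictureViewer Staging"));

        var loose = certs.Find(X509FindType.FindBySubjectName, "PictureView", false);
        Console.WriteLine("FindBySubjectName hits: " + loose.Count);
        Console.WriteLine("Exact match: " + FindExact(certs, "PictureView").Subject);
    }
}
```

The search keeps validOnly set to false, as in the original method, because a self-signed test certificate does not chain to a trusted root and would otherwise be filtered out.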