Problems with X509Store Certificates.Find FindByThumbprint

Question

I\'m having a problem when I use the method X509Store.Certificates.Find

public static X509Certificate2 FromStore(StoreName storeName, 
                  


        

Answer 1

I encounter this invisible Unicode char as well. Trying using Notepad (Windows 10) somehow didn't work well for me either. Finally, I use PowerShell to get the clean thumbprint hex:

PS C:\> $tp= (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -match "mycert"}).Thumbprint;
PS C:\> $tp

SO much for Unicode char.

Answer 2

var results = store.Certificates.Find(findType, findType, true);

I think you mean the 2nd param to be "findValue".

Answer 3

+1 for Aasmund Eldhuset's answer (and other answers).

Annoyingly, the first character in the thumbprint textbox is the invisible Unicode "left-to-right-mark" control character.

It can be hard to verify that it is present. For example, copying the thumbprint from my config file to the VS binary editor sometimes gets the invisible character and sometimes doesn't.

Also this code failed to show a problem. I stepped through the code and moused over the x509Store to find the cert I wanted.

                X509Certificate2 cert2 = null;
                string storeName = StoreName.My.ToString();
                var x509Store = new X509Store(storeName, StoreLocation.LocalMachine);
                x509Store.Open(OpenFlags.ReadOnly);

                var cert3 = x509Store.Certificates[4];
                var thumbprint3 = cert3.Thumbprint;
                int gotIt = thumbprint3.CompareTo(clientCert);

Answer 4

I had the same Problem and solved it:

1. I copied the Fingerprint from mmc directly to VS. I compared the strings and didn't find any difference.

2. Checking the length with hash.length, there was a difference, 41 vs. 40.

There is an invisible Char added to the string by copying it out of mmc.

---

Solving:

1. copy the Fingerprint from mmc to Notepad.exe
2. copy this string again
3. paste to your code

It's working.

Answer 5

I took some of the answers here and combined them into a static method that takes care of removing special characters and upper cases everything. Hopefully someone else can use it.

    public static X509Certificate2 GetCertificate(string thumbprint)
    {
        // strip any non-hexadecimal values and make uppercase
        thumbprint = Regex.Replace(thumbprint, @"[^\da-fA-F]", string.Empty).ToUpper();
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);

        try
        {
            store.Open(OpenFlags.ReadOnly);

            var certCollection = store.Certificates;
            var signingCert = certCollection.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (signingCert.Count == 0)
            {
                throw new FileNotFoundException(string.Format("Cert with thumbprint: '{0}' not found in local machine cert store.", thumbprint));
            }

            return signingCert[0];
        }
        finally
        {
            store.Close();
        }
    }

Answer 6

Replace the code to find your certificate in the store as below:

var results = store.Certificates.Find(findType, findValue, true); 

Also the 3rd param which is bool return certificates only if the certificate is valid. So make sure that your certificate is valid. If you have a self signed certificate or so then just pass the 3rd param to be "false"