Exception when trying to read a PrivateKey from Windows certstore

Question

I created a private and public key pair using OpenSSL and then I generated a .p12 file to import it into my Windows certstore. The key pair and .p12 files were created in Wi

Answer 1

Yes, it is a problem with permissions. I have struggled with this some time ago. Currently I use winhttpcertcfg to add appropriate permissions.

You should also check this link: http://benoit808.wordpress.com/2008/10/31/cryptographicexception-the-handle-is-invalid/.

There is also article about it http://www.stevefenton.co.uk/Content/Blog/Date/201101/Blog/X509-Certificates-On-Windows-Server-2003/. You may also need to add permissions for IIS_WPG and IUSR account (the article doesn't mention it).

Answer 2

I finally cracked down the problem, but couldn't post the answer until now (because I'm a beginer):

The thing is that I was importing the .p12 the wrong way. I was double clicking it and following the steps. What this did was to put the certificate in the Current User - Personal certificate store, so I thought that by just moving the cert from that store to the Local Machine store was enough... but oh surprise! it was not. After much revision, I found that the IIS has the capability of importing certificates from within itself, and that this puts the certificate directly in the Local Machine cert store. If anyone has the some problem or just wants to see how to do this, these are the steps:

• Open the IIS.
• Go to the Server Certificates (sorry if you don't find the exact words, my Windows is in Spanish)
• Select Import
• Select your file. If your file is a .p12 like mine, then select to view *.*
• Type in the password
• Accept... and voilá