Empty PrivateKey in x509certificate2

流过昼夜 submitted on 2019-12-23 19:51:28

Question


I have installed a certificate with a private key in the local machine store (Win7). In C# code I do this:

        X509Certificate2 cert = null;
        var store = new X509Store(storeName, storeLocation);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // Look the certificate up by thumbprint; validOnly is false, so invalid certificates are returned too.
            var result = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            ServicePointManager.Expect100Continue = true;
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            // This callback accepts every server certificate, i.e. server validation is switched off.
            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
            cert = result.Count > 0
                ? result[0]
                : null;
        }
        finally
        {
            store.Close();
        }
        return cert;

In the cert variable I have my certificate, BUT something is wrong with it: HasPrivateKey is true but PrivateKey does not contain any object. And if I send it with a REST request in the C# code of my web application I get errors:

AcquireCredentialsHandle() failed with error 0X8009030D.
The request was aborted: Could not create SSL/TLS secure channel.

All rights are granted for the certificate in the store. Please help with it; what is wrong?

Certutil result in Russian (I hide secure info with "***"):

certutil -store my "cf 35 63 34 14 30 a0 32 ca 4a 58 b9 7a 7a ab 18 a4 47 7d a4"
================ Сертификат 0 ================
Серийный номер: 100030
Поставщик: ******************************
 NotBefore: 07.07.2015 5:00
 NotAfter: 24.12.2023 4:59
Субъект: ********************************
Не корневой сертификат
Шаблон:
Хеш сертификата(sha1): cf 35 63 34 14 30 a0 32 ca 4a 58 b9 7a 7a ab 18 a4 47 7d a4
  Контейнер ключа = 94c3b04b44d51674a1b7de89c10bd7d7_09614f03-cc81-44e6-a978-81773242876c
  Простое имя контейнера: CertReq-ceda22d5-2893-496a-b8c1-5c9ceaed82f1
  Поставщик = Microsoft Strong Cryptographic Provider
Тест шифрования пройден

Answer 1:


I've figured out the problem. I deleted the certificate from the machine store, then exported the installed certificate from the current user store to a .pfx file and imported it into the machine store. Now PrivateKey has an object. One more step: I changed the protocol type from Tls to Tls12 (works for Win7+):

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;


Source: https://stackoverflow.com/questions/31274212/empty-privatekey-in-x509certificate2
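
A diagnostic for the symptom discussed in this thread, added here as an example (it is not code from the question or the answer): it looks a thumbprint up in both the CurrentUser and LocalMachine "My" stores and reports whether the calling account can actually open the private key. The class and method names are hypothetical, and it assumes .NET Framework 4.6 or later for `GetRSAPrivateKey()`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

// Hypothetical helper, not from the original thread.
static class PrivateKeyCheck
{
    public static string Diagnose(StoreLocation location, string thumbprint)
    {
        // Keep only hex digits so a thumbprint pasted with spaces (as certutil prints it) matches.
        string hex = Regex.Replace(thumbprint, "[^0-9A-Fa-f]", "");
        using (var store = new X509Store(StoreName.My, location))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // validOnly is false, as in the question, so expired or untrusted certificates are still found.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, hex, false);
            if (found.Count == 0) return "not present in this store";

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey) return "present, but no private key is associated";
            try
            {
                // Returns null when no RSA key is available; throws when the key cannot be opened.
                using (RSA rsa = cert.GetRSAPrivateKey())
                {
                    return rsa == null
                        ? "HasPrivateKey is true, but no RSA key object was returned"
                        : "private key opened, " + rsa.KeySize + " bits";
                }
            }
            catch (CryptographicException ex)
            {
                return "HasPrivateKey is true, but opening the key failed: " + ex.Message;
            }
        }
    }

    static void Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: PrivateKeyCheck <thumbprint>"); return; }
        foreach (var location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
            Console.WriteLine(location + "\\My: " + Diagnose(location, args[0]));
    }
}
```

Run it under the same account as the web application, since the result depends on which account is asking for the key.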
