views:

198

answers:

2

Hi all,

i have two machines machine1 and machine2. On one of those two machines (machine2) is my certificate store, the certificate store on machine1 is not allowed to be used. Further, i have do do some webservice-calls from machine1 against an client-certificate-secured web-service. The certificate which i would like to add to the web-service-calls is stored in the certificate store on machine2 and is planned to be retrieved from machine2 over an internal web-service and then to be attached to my SoapHttpClientProtocol-instance on machine1, when machine1 is calling an external web-service.

I export the client-certificate on machine2 with sth like this: cert.Export(X509ContentType.SerializedCert)

..and give the base64Binary back to machine1 for further use.

Then it comes to the problem: If i create a new X509Certificate2 object from that byte-array (from the base64Binary) on machine1 and attach it to the SoapHttpClientProtocol it doesn´t work. But otherwise, if i create a new X509Certificate-object (no '2' !) from the byte-array and attach this to my SoapHttpClientProtocol, it works! The problem is that, if use the "older" class X509Certificate, then i have to install the client-certificate (including the private key) on machine1 also! And that makes no sense. Can someone help me and give me the right hint for this problem, please!

Regards, Krile

A: 

In general, you cannot do that. To use a certificate, you need to have its private key installed. Sounds like you aren't allowed to do that on machine #2.

RichAmberale
No i´m not allowed to do that on machine #2. If i do some tracing within system.net and system.net.sockets than the log says that, if i compiled with the X509Certificate2 class, the "certificate does contain the privatekey already, because it is a X509Certificate2" !And if i compile with the X509Certificate than the log says it´s beeing made an lookup for the private key in the local machine´s store !! So here is a difference i would say, but are you sure that i cannot retrieve a certificate (whole cert, incl. its private key!) as base64Binary over a webservice and use it like i want??
krile
A: 

I would appreciate any help from anyone here with this problem, please help me!

krile