views:

51

answers:

1

I am trying to send a message to MSMQ using WCF. I want to use Transport security and sign the messages. However, when I set the client certificate credentials and try to send a message, an error is thrown: "An error occurred while sending to the queue: The user certificate is invalid. (-1072824276, 0xc00e002c)". The certificate is stored in the LocalMachine\My store and has read-only access set for the ASPNET process.

A: 

Here are two common reasons a certificate is considered "invalid":

  • You don't have the private key associated with the certificate. If you don't have the private key, you need to re-install the cert with its private key, or get a new cert for which you do have the private key.

  • The certificate is issued by a certificate authority that is not trusted by your computer. If this is the problem, you need to install the issuing authority's certificate into your "Trusted Root Certificate Authority" store (there are security risks involved with doing this so make sure you read the pop-up warning that will come up when trying to do this).

View the certificate in CertMgr.msc to see if it's one of these issues. (Start > Run > CertMgr.msc > Personal > Certificates).

RichAmberale
It is strange, because if I install the certificate into the current user's certificate store and then impersonate the ASP.NET process to use the current account, everything works fine.
Sazug
It sounds like the ASP.NET process does not have read access to the root cert store and therefore it can't get the private key. See the answer to this question about granting ASP.NET access to the cert: http://stackoverflow.com/questions/1271497/asp-net-permissions-to-root-certificate-store
RichAmberale
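The following PowerShell script is an added example, not code from the question or the answer above. It automates the three checks the thread ends up with: whether the certificate in LocalMachine\My carries a private key, whether its chain builds to a trusted root, and whether the service account has a Read ACE on the private key file, which is the access problem the comments point to. The thumbprint and the account name are assumed inputs (placeholders); the key-file locations are the standard Windows machine-key directories.

```powershell
# Added example: diagnose the "user certificate is invalid" causes discussed above.
# Assumptions: run elevated on the machine that hosts the WCF/MSMQ sender;
# $Thumbprint and $AccountName are placeholders you replace with your own values.
param(
    [Parameter(Mandatory = $true)]
    [string]$Thumbprint,               # placeholder: thumbprint of the cert in LocalMachine\My
    [string]$AccountName = 'ASPNET'    # placeholder: identity that must read the private key
)

$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }

# Check 1 (first reason in the answer): is a private key associated with the cert?
if (-not $cert.HasPrivateKey) {
    Write-Warning "Certificate has no private key; re-import it from a PFX that contains the key."
}

# Check 2 (second reason in the answer): does the chain build to a trusted root?
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Revocation is skipped here so the test isolates trust problems from network problems.
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
if (-not $chain.Build($cert)) {
    foreach ($status in $chain.ChainStatus) {
        Write-Warning ("Chain problem: {0} - {1}" -f $status.Status, $status.StatusInformation.Trim())
    }
}

# Check 3 (the comments' point): can the service account read the private key file?
# Machine-scoped keys are files under ProgramData\Microsoft\Crypto\RSA\MachineKeys (CAPI)
# or ProgramData\Microsoft\Crypto\Keys (CNG); the key's unique container name is the file name.
if ($cert.HasPrivateKey) {
    $keyName = $null
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if ($rsa -is [System.Security.Cryptography.RSACng]) {
            $keyName = $rsa.Key.UniqueName
        } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
        }
    } catch {
        # Opening the key fails when the current account itself cannot read it.
        Write-Warning "Could not open the private key: $($_.Exception.Message)"
    }

    if ($keyName) {
        $keyDirs = @(
            (Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'),
            (Join-Path $env:ProgramData 'Microsoft\Crypto\Keys')
        )
        $keyFile = $keyDirs | ForEach-Object { Join-Path $_ $keyName } |
                   Where-Object { Test-Path $_ } | Select-Object -First 1
        if ($keyFile) {
            $acl = Get-Acl -Path $keyFile
            $readAce = $acl.Access | Where-Object {
                $_.IdentityReference.Value -like "*\$AccountName" -and
                $_.AccessControlType -eq 'Allow' -and
                (($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Read) -ne 0)
            }
            if ($readAce) {
                Write-Output "$AccountName has Read access to $keyFile"
            } else {
                Write-Warning "$AccountName has no Read ACE on $keyFile; grant Read via the Certificates MMC (All Tasks > Manage Private Keys)."
            }
        } else {
            Write-Warning "Key container $keyName not found under the machine key directories."
        }
    }
}
```

Run it as `.\Check-MsmqCert.ps1 -Thumbprint <thumbprint> -AccountName ASPNET`. Each warning maps to one of the causes above: missing key means re-import from PFX, a chain failure means the issuer must be trusted by the machine, and a missing Read ACE means the ASP.NET identity cannot use the key even though the certificate itself is visible in the store. Granting Read on the key file is enough for signing; the account does not need Full Control.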