Upon installation of a client side certificate, I am getting the exception "Object contains only the public half of a key pair. A private key must also be provided". My application is a VC#.NET application running over an ASP.NET platform. The application also uses WSE 2.0 to import certificates into making SOAP requests.

Upon research, I've found that this exception is of type System.Security.Cryptography.CryptographicException.

I am pretty positive all my WSE settings are configured correctly, since I was able to find a similar certificate by subject-distinguished-name. Any ideas will be greatly appreciated.

A: 

I was recently having the same problem. I found one explanation here that worked for me. Specifically, the permissions for the private key. The full info is copied below.

There are a couple things that I would look at first:

  1. Do you have a private key for this certificate?
  2. Have you given permission for your application to access the private key?

You can establish whether you have a private key by viewing the certificate through the Windows Certificate Store. To get to this, follow these steps:

  1. From the Windows Start menu, select Run.
  2. Type mmc in the Open: field. Click OK.
  3. Select "Add/Remove Snap-in" from the File menu.
  4. Click the Add button.
  5. Select "Certificates" from the list of Available Standalone Snap-ins. Click the Add button.
  6. Select "Computer account." Click Next.
  7. Select "Local Computer". Click Finish.
  8. Click Close.
  9. Click OK.
  10. Expand the Certificates node under the Console Root and open the Personal store.
  11. Double-click the Certificate you're using. If you have a private key, the dialog will display a message at the bottom that says "You have a private key that corresponds to this certificate".

If you have a private key, then ensure that your application has permission to access the key:

  1. Open Windows Explorer.
  2. Navigate to the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys folder.
  3. Select the files containing the keys that the WSE will need to retrieve.
  4. From the File menu, select Properties.
  5. On the Security tab, add the ASPNET account and select the Full Control option.

Notes:

  1. Determining which key file in the MachineKeys folder is associated with a certificate can be difficult. One easy method is to note the creation date and time when creating a new certificate. When you view the files in the MachineKeys directory, check the Date Modified field for the corresponding date and time.
  2. If you have configured your system to run under a different account than ASPNET, use that account when granting permissions to access the certificate.
81bronco
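
The two checks in the answer above (is there a private key, and which MachineKeys file backs it) can also be scripted; this is an added example, not part of the original answer. The function name `Get-MachineKeyFile`, its parameters and the subject `CN=example-client` are hypothetical, it assumes a CSP-backed RSA key and an elevated prompt, and it grants Read rather than Full Control on the assumption that read access is enough for the application to use the key.

```powershell
# Added example: resolve the MachineKeys file for a certificate and review its ACL.
function Get-MachineKeyFile {
    param(
        [string]$Subject,      # fragment of the certificate's subject DN
        [string]$GrantReadTo   # optional account to grant Read (e.g. ASPNET)
    )

    # Same store the MMC steps open: Local Computer \ Personal
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*$Subject*" } |
        Select-Object -First 1
    if (-not $cert) { throw "No certificate matching '$Subject' in LocalMachine\My" }

    # False here is the "only the public half of a key pair" case:
    # the certificate was imported without its private key.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) has no private key in this store"
    }

    # Assumption: CSP-backed RSA key, the kind stored under Crypto\RSA\MachineKeys.
    # The unique container name is the file name, so no date matching is needed.
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    $appData   = [Environment]::GetFolderPath('CommonApplicationData')
    $keyFile   = Join-Path $appData "Microsoft\Crypto\RSA\MachineKeys\$container"
    if (-not (Test-Path $keyFile)) { throw "Key file not found: $keyFile" }

    if ($GrantReadTo) {
        $acl  = Get-Acl $keyFile
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $GrantReadTo, 'Read', 'Allow'
        $acl.AddAccessRule($rule)
        Set-Acl -Path $keyFile -AclObject $acl
    }

    # Return the resolved file with its current ACL entries for review
    (Get-Acl $keyFile).Access |
        Select-Object @{n='KeyFile';e={$keyFile}}, IdentityReference, FileSystemRights, AccessControlType
}

# Report only; add -GrantReadTo 'ASPNET' (or your worker account) to change the ACL.
Get-MachineKeyFile -Subject 'CN=example-client'   # constructed placeholder subject
```

Run it once without `-GrantReadTo` to see which accounts already have access to the key file before changing anything.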