I'm creating a certificate to use with an SslStream, and I've been doing it this way under XP:

makecert -r -pe -n "CN=aName" -ss my -sr localmachine -sky exchange 
  -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 server.cer

If I understand this correctly, this creates a certificate in server.cer, and creates a private key for it in my personal certificate store. Once I have done this, I can create a certificate object like this:

X509Certificate.CreateFromCertFile(certFile);

I then use it with the SslStream, and everything works fine.

Now that I have switched to Windows 7, the private key seems to be disappearing every time I restart the machine. I run a command prompt as Administrator, and execute the same makecert command shown above. This succeeds and the SSL connection works correctly. If I restart the machine, the call to AuthenticateAsServer fails with the exception "The server mode SSL must use a certificate with the associated private key."

Why is the private key disappearing? What do I need to do to make it stick around?

+1  A: 

Are you the same user in all cases? When you say "run as administrator", I think you may be causing it to associate the private key with a different user, or maybe the private key file doesn't have proper permissions. If it's a permissions issue, or if you're not sure if the key is disappearing, use the FindPrivateKey tool: http://msdn.microsoft.com/en-us/library/ms732026.aspx I think it's part of the Server 2003 tools, but it runs fine on regular XP. So hopefully it'll run on Windows 7 too. I'm not at my Win7 machine now.

Chris Thornton
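
The check the answer suggests can also be done from .NET. This is an added example, not code from the question or the answer: it opens the LocalMachine\My store named by the question's makecert switches, looks up the subject "aName", and reports whether the store entry still resolves to a readable private key and whether that key lives in the machine key store or in a per-user container. The class name KeyCheck and the machine key directory layout are assumptions of this example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class KeyCheck // hypothetical name, used only for this example
{
    static void Main()
    {
        // Store and subject follow the question's switches:
        // -ss my -sr localmachine -n "CN=aName"
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false: a self-signed test certificate is not trusted.
            var matches = store.Certificates.Find(
                X509FindType.FindBySubjectName, "aName", false);
            if (matches.Count == 0)
                Console.WriteLine("No matching certificate in LocalMachine\\My.");

            foreach (X509Certificate2 cert in matches)
            {
                Console.WriteLine("{0} HasPrivateKey={1}",
                    cert.Thumbprint, cert.HasPrivateKey);
                if (!cert.HasPrivateKey) continue;
                try
                {
                    // Opening the key fails if the container is gone or
                    // this account has no read permission on its file.
                    var rsa = cert.PrivateKey as RSACryptoServiceProvider;
                    if (rsa == null) { Console.WriteLine("  not a CSP RSA key"); continue; }
                    CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
                    Console.WriteLine("  MachineKeyStore={0}", info.MachineKeyStore);
                    if (!info.MachineKeyStore) continue; // per-user container
                    // Assumed default location of machine RSA key files.
                    string dir = Path.Combine(Environment.GetFolderPath(
                        Environment.SpecialFolder.CommonApplicationData),
                        @"Microsoft\Crypto\RSA\MachineKeys");
                    string file = Path.Combine(dir, info.UniqueKeyContainerName);
                    Console.WriteLine("  {0} exists={1}", file, File.Exists(file));
                }
                catch (CryptographicException ex)
                {
                    Console.WriteLine("  key not usable: " + ex.Message);
                }
            }
        }
        finally { store.Close(); }
    }
}
```

Running it under the same account as the server process, once right after makecert and once after a restart, shows whether the key file is really gone or has only become unreadable to that account.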