I'm writing a Windows service that needs several certificates in the certificate store in order to connect to a third party web service.

On my installer I call a small application (C#) that creates a user to run the service as.

Works fine.

I now need to install about 10 certificates (don't ask!) into the user's certificate store but can't find any succinct programmatic way to do so.

Any hints? Or am I going to have to use COM interop...

+4  A: 

Turns out you first need to impersonate the user.

Using this very nice lib (http://www.codeproject.com/KB/cs/zetaimpersonator.aspx) you can do the following:

// Requires: using System; using System.Data; using System.IO;
//           using System.Security.Cryptography.X509Certificates;
// Impersonator comes from the library linked above.

// This block belongs inside a method of the installer helper.
using (new Impersonator("username", "", "password"))
{
    try
    {
        string baseDir = AppDomain.CurrentDomain.BaseDirectory;
        // certificateFolder: name of the folder under the application
        // directory that holds the certificate files (defined elsewhere).
        string certPath = Path.Combine(baseDir, certificateFolder);

        // File name relative to certPath; an absolute path here would not
        // combine into a valid location.
        string certificateFile = "file.cert";
        string certificatePassword = "somePassword";
        string certificateLocation = Path.Combine(certPath, certificateFile);

        InstallCertificate(certificateLocation, certificatePassword);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }
}

private static void InstallCertificate(string certificatePath, string certificatePassword)
{
    try
    {
        // With no StoreLocation given, this opens the personal ("My") store
        // of the current user, which is the impersonated user here.
        var serviceRuntimeUserCertificateStore = new X509Store(StoreName.My);
        serviceRuntimeUserCertificateStore.Open(OpenFlags.ReadWrite);

        try
        {
            X509Certificate2 cert;

            try
            {
                cert = new X509Certificate2(certificatePath, certificatePassword);
            }
            catch (Exception ex)
            {
                Console.WriteLine("Failed to load certificate " + certificatePath);
                throw new DataException("Could not load certificate " + certificatePath, ex);
            }

            serviceRuntimeUserCertificateStore.Add(cert);
        }
        finally
        {
            // Close the store even if loading or adding the certificate failed.
            serviceRuntimeUserCertificateStore.Close();
        }
    }
    catch (Exception)
    {
        Console.WriteLine("Failed to install {0}.  Check the certificate index entry and verify the certificate file exists.", certificatePath);
    }
}

Please add your own exception handling. If you're adding multiple certificates, keep the X509Store open for the duration for efficiency.

DavidWhitney
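The advice above about keeping the X509Store open while adding several certificates, as an added example (not code from the answer or from the linked impersonation library). The class and method names are hypothetical; it assumes the files are password-protected PFX files and that the method is called inside the impersonation scope.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class UserCertificateInstaller   // hypothetical name
{
    // Installs every file in 'pfxFiles' (path -> password) into CurrentUser\My
    // through a single open store handle. Returns the paths that failed.
    public static List<string> InstallAll(IDictionary<string, string> pfxFiles)
    {
        var failed = new List<string>();
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            foreach (KeyValuePair<string, string> entry in pfxFiles)
            {
                try
                {
                    // UserKeySet puts the private key in the user's key storage;
                    // PersistKeySet keeps it there after this object is released,
                    // so the certificate in the store still has a usable key.
                    var cert = new X509Certificate2(entry.Key, entry.Value,
                        X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet);

                    // Assumption: the service authenticates with these certificates,
                    // so one without a private key is worth flagging.
                    if (!cert.HasPrivateKey)
                        Console.WriteLine("Warning: {0} has no private key.", entry.Key);

                    store.Add(cert);
                }
                catch (CryptographicException ex)
                {
                    // Missing file, wrong password and malformed data all surface here.
                    Console.WriteLine("Failed to install {0}: {1}", entry.Key, ex.Message);
                    failed.Add(entry.Key);
                }
            }
        }
        finally
        {
            store.Close();   // one close for the whole batch
        }
        return failed;
    }
}
```

The returned list lets the installer fail the setup step when any certificate is missing, rather than continuing with a service that cannot authenticate.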
+1  A: 

How do you get rid of the popup if you want to install in StoreName.Root?

Is there any sneaky way?

thanks, Christian

A: 

Hi, I'm trying to download the certificate through code. But somehow it's not getting downloaded. When I debug, I see there is no error, but the certificate does not get downloaded. I have also copied the code required for impersonation. Any help will be appreciated.

You should create your own question; that is really, really not an answer to the original question.
Jay