tags:

views:

122

answers:

1
+2  Q: 

Cannot find a unique certificate that matches the criteria

I am running into the following error when attempting to parse my token:

Property name: 'certificateReference'
Error: 'ID1025: Cannot find a unique certificate that matches the criteria.
StoreName: 'My'
StoreLocation: 'LocalMachine'
X509FindType: 'FindByThumbprint'
FindValue: '‎41a8a59e537d4a00a8c4fa8dc2522388dbd13d27'

The section in my web.config is:

<serviceCertificate>
<certificateReference x509FindType="FindByThumbprint" findValue="‎41A8A59E537D4A00A8C4FA8DC2522388DBD13D27" storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>

I have confimed the certificate exists in IIS, MMC and Internet Explorer and have tried changing the Find type to subject with no avail. I have also tried the thumbprint to be upper case, lower case, with spaces and without spaces. I have also confirmed the certificate exists LocalMachine\My with the following results:

Matching certificate:
CN=kelly-pc

Additional accounts and groups with acces to the private key include:
NT AUTHORITY\SYSTEM
BUILTIN\Administrators
KELLY-PC\Kelly
BUILTIN\IIS_IUSRS

A: 

Probably you use self-issued certificate and you should add also the line

<issuedTokenAuthentication allowUntrustedRsaIssuers="true" />

inside <serviceCertificate> which should use together with <certificateReference>.

Oleg  2010-07-14 12:08:37
I had added the certificate into the trusted providers section and it still was not found.In any case I created another simple solution with new self-issued certificates and the the project worked!
Kjaneb  2010-07-16 01:19:44

related questions

Java: How to show a dialog to let the user accept SSL certificates
How can I use a ssl wildcard certificate to mutually authenticate several WCF servers via X509?
Creating an X509 Certificate in Java without BouncyCastle?
Cert_Cookie Server Variable
Convert certificate .pem to .der/.cer
Exception When Reading OCSP Signing Certs in Java
Missing Client-Certificate´s PrivateKey
Bad OpenSSL certificate
How to get the SSL certificate of a server running a web service from the client app? - C# .NET
REST service & X.509 client-side certificate
"An internal error occurred." when loading pfx file with X509Certificate2
How to obtain a working X509Certificate for my WCF Service hosting
Get REAL X.509 data from RFC1421 formatted certificate.
retreive certificate using subject id; USER Vs Machine
X509 guide/tutorial in C#
Can it make the x509Certificate not expire?? If so, how??<EOM>
Get list of certificates from the certificate store in C#
.Net - X509Certificate2 vs X509Certificate
x509 certificate for only one application - which OIDs to choose
Missing X509 extensions in certificates created with Certificate Assistant
How to get the certificate into the X509 filter (Spring Security)?
Install client certificate for IIS App Pool account
Issue certificate for a PKCS#10 CSR without Cert template. 0x80094801 MS W2K3 enterprise CA
X509Certificate.CreateFromCertFile - the specified network password is not correct
Programmatically Create X509 Certificate using OpenSSL