x509certificate2

Why does X509Certificate2 sometimes fail to create from a blob?

I have an ASP.NET web service which is receiving a byte array representing the contents of a pfx file containing an X.509 certificate. The server-side code is using the System.Security.Cryptography.X509Certificate2 constructor to load the certificate from the bytes: X509Certificate2 native_cert = new X509Certificate2( pkcs12_buf...

How to read Pkcs#7 certificate chain from file/stream in C#?

I have two certificates that I saved to disk. One is a certificate with private key that I exported as a .pfx file, the other one is a certificate that I saved including its certificate chain as a PKCS#7 file ("certchain.p7b"). In C# I can now load the .pfx file with var cert = new X509Certificate2(myPfxFileStream); (myPfxFileStrea...

DOD Common Access Card (CAC) Authentication

I have figured out all the necessary steps to get DOD CAC card based client certificate authentication working in Apache, but am now struggling to pull a good GUID for the user from the certificate I am receiving. Is there a GUID available on the certificate that will not change when the CAC card is renewed? I was thinking of using the...

[Ruby] OpenSSL verify certificate from own CA

Hello all and thanks for your time reading this. I need to verify certificates issued by my own CA, for which I have a certificate. How can I do the equivalent to openssl's openssl verify -CAfile in Ruby code? The RDoc for OpenSSL is not very helpful in this regard. I've tried: require 'openssl' ca = OpenSSL::X509::Certificate.ne...

Create certificate for a client app in .NET

I'm looking for a server app to be routinely generating certificates for client applications using self-signed root. Is there any streamlined process in .NET to programmatically generate those certificates? I can, of course, keep spawning makecert or openssl, but I was looking for more programmatic, in-memory method, when you just get X...

read client certificate from httprequest C#

I am trying to read an X509 certificate using Request.ClientCertificate but nothing is returned. The certificate is definitely being attached to the request because I can get the certificate information from the page sending the request. I have tried reading the certificate from several different places but cannot seem to get it to work...

Exporting X.509 certificate WITHOUT private key (.NET C#)

Hi everyone, I thought this would be straightforward but apparently it isn't. I have a certificate installed that has a private key, exportable, and I want to programmatically export it with the public key ONLY. In other words, I want a result equivalent to selecting "Do not export the private key" when exporting through certmgr and e...

How do I get the X509Certificate sent from the client in web service?

Hello all - Apparently I was asking the wrong question in my earlier post. I have a web service secured with an X.509 certificate, running as a secure web site (https://...). I want to use the client's machine certificate (also X.509) issued by the company's root CA to verify to the server that the client machine is authorized to use t...

How to get X509Certificate from an arbitrary HTTPS URL?

I'm using HttpWebRequest to pull a page from an arbitrary HTTPS URL. In addition to the actual page result, I want to get an X509Certificate2 instance for the remote server I just talked to. I'm sure the public certificate is on the computer somewhere because its chain had to be validated as part of the request. How can I get access t...

C# Export cert in pfx format

Hi, I'm trying to use .NET and C# to export a certificate from the cert store into a PFX file. I'm trying to use the X509Certificate2.Export method with the X509ContentType.Pfx flag set, but am unsure how to handle the returned byte array and output it correctly to file. Any help appreciated. Thanks Mark ...

In C#, sign an XML with an X.509 certificate and check the signature

Hi, I'm trying to sign an XML file using an X.509 certificate, I can use the private key to sign the document and then use the CheckSignature method (it has an overload that receives a certificate as parameter) to verify the signature. The problem is that the user who validates the signature must have the certificate, my concern is, if t...

Prompt user for password when grabbing X509Certificate from X509Store?

I have a C# form (running on the client machine) which gathers all the user X509Certificates from the store, presents them to the user so they can pick the one they want to use. Then I pass the cert off to a webservice to do some work. This all works great! Problem is, the user is never prompted for the X509Certificate password? I can'...

X509Certificate2 validation on web service

Hi, I'm developing a WCF web service that checks if a certificate in an XML signature is valid. The XML is signed with a qualified and valid X509 certificate. While I am running the service within the Visual Studio development environment, the X509Certificate2.Verify() and X509Chain.Build() methods return TRUE. But when I publish my service under IIS these met...

Minimal client which supports message-level security over the channel interface

I'm trying to build a minimal client for a WCF service, using the WSHttpBinding with SecurityMode: Message over a direct channel interface. My current code is very simple: EndpointIdentity i = EndpointIdentity.CreateX509CertificateIdentity(clientCertificate); EndpointAddress a = new EndpointAddress(new Uri("http://myServerUrl"), i); WS...

Converting a PKCS12 certificate to PEM certificate in .NET and vice versa?

A PKCS12 certificate is stored in binary format while a PEM certificate is an ASCII file which can be opened and viewed in a text editor. Q1. How can I convert a PEM certificate of the form below to a PKCS12 certificate programmatically? -----BEGIN CERTIFICATE----- *****CERTIFICATE DATA***** -----END CERTIFICATE----- -----BEGIN RSA PRIV...

Does X509Certificate2 functionality exist in VBA ?

I have a VBA application that returns an HTTPS file but it stops to ask for the Certificate. C# has this code: Dim wr As HttpWebRequest = CType(WebRequest.Create("https://www.xxx.net?RunDate=2009-09-29"), HttpWebRequest) wr.ClientCertificates.Add(New System.Security.Cryptography.X509Certificates.X509Certificate2(myCert, myCertPW)) Is...

Signing a PDF file

I use iTextSharp to sign a PDF file. But Adobe Reader cannot verify my signature. I use SHA-2 test certificate (I tried also SHA-1) generated by certification authority. I have installed root certificate for test certificates of this authority. public static void SignHashed(X509Certificate2 card, Stream input, Stream output) { Org.B...

SignedCms.CheckSignature() with renewed cert -> new serial?????

Hi programming folks, I am using SignedCms.CheckSignature(certColl, true) (with only one cert in certColl) to verify the signature of a PKCS#7 message. My problem is that I don't want to change the (public part of the) signer's certificate on my server after the signer has renewed his certificate :-( The public key, issuer and subject a...

PInvoke - crypt32.dll - CertStrToName and CertCreateSelfSignCertificate - how to set the issuer name and password

We currently use self-signed server certificates in our Windows-to-WCF application. The certificates are created with the following commands in a batch file: makecert -sv CERTNAME.pvk -n "CN=SUBJECTNAME" CERTNAME.cer -sky exchange cert2spc CERTNAME.cer CERTNAME.spc pvk2pfx -pvk CERTNAME.pvk -spc CERTNAME.spc -pfx CERTNAME.pfx I have b...

Can I use an X509Certificate2 within ASP.NET without using a certificate store?

I am trying to use an X509Certificate within an ASP.NET web service within the Rackspace Cloud. I have a feeling the certificate stores on the cloud nodes may be causing problems. I also have a question related to this with the exception that I am receiving at SslStream.AuthenticateAsClient Exception when using iPhone Apple Push Notific...