I believe x509 certs are tied to a particular user. Could it be invalid because in the code you are accessing it as a different user than the one for which it was created?
Tim Erickson
2008-09-19 00:05:08
A:
+2
A:
Is the issuer's certificate present in the X509Store? A certificate is only valid if it's signed by someone you trust.
Is this a certificate from a real CA, or one that you signed yourself? Certificate signing tools often used by developers, like OpenSSL, don't add some important extensions by default.
erickson
2008-09-19 00:16:09
+1
A:
Try verifying the certificate chain using the X509Chain class. This can tell you exactly why the certificate isn't considered valid.
As erickson suggested, your X509Store may not have the trusted certificate from the CA in the chain. If you used OpenSSL or another tool to generate your own self-signed CA, you need to add the public certificate for that CA to the X509Store.
David Crow
2008-09-19 00:45:01
The chain certicates are present, but somehow were not accessible to this user. I used this sample code from MSDN to check the chain status: http://tinyurl.com/4wfnng . This code retruns different status depending on the user. I will try to reinstall the certificates. Thanks.
2008-09-19 09:40:56