Reading certificate hash from remote server

Question

I receive an error when trying to get a certificate hash from a remote machine using the following code:

private string getCertHash(string Hostname)
{
    string result = "";

    using (ServerManager serverManager = ServerManager.OpenRemote(Hostname))
    {
        SiteCollection siteCollection = serverManager.Sites;
        foreach (Site site in siteCollection)
        {
            foreach (Binding binding in site.Bindings)
            {
                if (binding.Protocol == "https")
                {
                    // Error here
                    foreach (Byte certhashbyte in binding.CertificateHash)
                        result += certhashbyte.ToString(); 
                }
            }
        }
    }

    return result;
}

The error I receive in more detail:

'binding.certhashbyte' threw an exception of type 'System.Runtime.InteropServices.COMException'

Either the application has not called WSAStartup, or WSAStartup failed. (Exception from HRESULT: 0x8007276D)

If I replace the following row:

using (ServerManager serverManager = ServerManager.OpenRemote(Hostname))

with

using (ServerManager serverManager = new ServerManager)

to use the local server it works fine.

Note that using ServerManager.OpenRemote(Hostname) works in general (I get all the other information, just the CertHash info results in an error. I have admin rights on both machines (local and remote). System is Windows 2008 R2 using IIS 7.5.

Please tell me what I'm doing wrong / what is missing / why the error occurs.

Answer 1

For some reason the code above now works fine. I couldn't find out why it did not work, but I did find some alternatives I want to share:

1. Using this code and here an example usage:

   CertStoreReader certStoreReader = new CertStoreReader();
   foreach (X509Certificate2 x509 in certStoreReader.GetCertificates(credentials.Hostname))
   {
       certHash = x509.GetCertHashString();
   }
   

2. Using the ServerManager as first tried above (in the question)

   using (ServerManager serverManager = ServerManager.OpenRemote(server))
   {
       Site site = serverManager.Sites.Where(s => s.Name == websiteName).Single();
       foreach (Binding binding in site.Bindings)
       {
           certHash += BitConverter.ToString(binding.CertificateHash).Replace("-", string.Empty);      
       }              
   }
   

3. Using DirectoryEntry

   DirectoryEntry dir = new DirectoryEntry(@"IIS://" + server + @"/W3SVC/" + siteID);
   PropertyValueCollection vals = dir.Properties["SSLCertHash"];
   foreach (string entry in vals)
   {
       certHash += entry;
   }
   

4. Using WMI. I used this query in the WebAdministration namespace:

   "SELECT CertificateHash FROM SSLBinding WHERE IPAddress = '" + IP + "' AND Port = " + port
   

Answer 2

Or you could just simply do:

using (var store = new X509Store(@"\\[RemoteMachineName]\My", StoreLocation.LocalMachine))
{
    store.Open(OpenFlags.ReadOnly);
    certificates = store.Certificates;
}

Just make sure you have the right permission to access the remote machine certificate store.