Asp.Net CertEnroll CX509CertificateRequestPkcs10 Exception
https://stackoverflow.com/questions/11421502
-
20-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have an asp.net 4.0 project that uses a combination of Bouncy Castle and the .Net framework to create an X509 certificate.
It runs properly on my W7 dev machine but when installed on W2008 (32 bit, not r2) this bit of code:
CX509CertificateRequestPkcs10 csr = new CX509CertificateRequestPkcs10();
throws this exception:
Unable to cast COM object of type 'System.__ComObject' to interface type 'CERTENROLLLib.CX509CertificateRequestPkcs10'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{728AB35B-217D-11DA-B2A4-000E7BBB2B09}' failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE)).
Initially I thought it might be a 64-bit server issue since COM is only 32-bit compatible but the server is 32 bit.
The app is built using Framework 4.0 and the IIS AppPool assigned is running 4.0, Integrated mode, with an Identity of "Network Service" - all exactly as on my dev machine, as the the client browser used (IE8 32).
Does W2008-32 (Standard) not implement CERTENROLLLib out of the box? Does anyone know how to make it behave in this circumstance?
Thanks for any suggestions!
Solution
When you instantiate CX509CertificateRequestPkcs10 object specify explicitly what interface you want to use (by ProgID). In Win2008 R2 Microsoft overwrote the interface. Instead of:
CX509CertificateRequestPkcs10 objPkcs10 = new CX509CertificateRequestPkcs10();
use:
IX509CertificateRequestPkcs10 objPkcs10 = (IX509CertificateRequestPkcs10)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509CertificateRequestPkcs10"));
Since in Win2008 R2 Microsoft overwrote the interface, if the code is written in Win2008 R2 the run time is looking for the new interface GUID and in regular Win2008 it can't be found because Win2008 R2 interface GUID differs from Win2008 interface Guid.
So, object can't be created, and as the result exception is thrown.
Accessing the interface by ProgID solves the issue.
See: TechNet Answer - on W2008-32 one has to specify the Interface GUID when creating the Pkcs10 object, since R2 overwrote the old "standard" interfaces.
