Sending Digital Certificates

StackOverflow https://stackoverflow.com/questions/16253412

Question

I used the makecert tool in order to create:

  1. a self-signed certificate
  2. a server certificate using the self-signed certificate
  3. a client certificate using the self-signed certificate

I then installed the self-signed certificate in the Trusted Certificate Authorities section in mmc.

The server certificate and the client certificate were installed in the Personal section in mmc.

I then deployed a web service in IIS as HTTP using the server certificate.

I then have another application which makes use of the web service. It sends the client certificate with the web service request, as shown below:

public static void Main(string[] args)
        {
            X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindBySubjectName, "client.com", true);

            if (col.Count == 1)
            {
                ServicePointManager.Expect100Continue = true;
                ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;

                ClientServices web_service = new ClientServices();
                web_service.ClientCertificates.Add(col[0]);

                try
                {
                    string check = web_service.CheckCertificate();

                    Console.WriteLine(check);
                }
                catch (WebException e)
                {
                    Console.WriteLine(e.Message.ToString());
                }
            }

            else
            {
                Console.WriteLine("The certificate was not found!");
            }
            Console.ReadKey();
        }

On the server-side, I am checking for the client certificate like this:

[WebMethod]
        public string CheckCertificate()
        {
            string message;

            try
            {
                X509Certificate2 cert = new X509Certificate2(Context.Request.ClientCertificate.Certificate);                

                if (cert != null)
                {
                    message = cert.SerialNumber.ToString();
                }

                else
                {
                    message = "Error: No certificate was found!";
                }
            }
            catch (Exception e)
            {
                message = e.Message.ToString();
            }
            return message;
        }

Whenever I run the client app, I am getting the following error message:

The request was aborted. Could not create SSL/TLS secure channel.

How can I solve this problem?

Was it helpful?

Solution

I found the culprit.

I installed the WinHttpCertCfg tool and granted access to the private key of the certificate.

The command I used is this:

WinHttpCertCfg.exe -g -c LOCAL_MACHINE\MY -s "<name of certificate>" -a EVERYONE
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top