Question

I have written an application to generate a SAML2 token for use in SSO. It uses System.Security.Cryptography.X509Certificates to sign the XML and encrypt the assertion.

We will be buying a certificate for our Production environment, but right now I need to test from our integration server with a self-created cert. I have created one using MakeCert and loaded it into the LocalMachine location in the My store. This works when I'm on localhost but gives the following error when accessed remotely:

The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.

   System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +369
   System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +151
   System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +85
   System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) +280
   System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() +468
   ....

I have downloaded winhttpcertcfg and used it to give the domain account used for the Application Pool of the site (SharePoint 2010), and NetworkService, access to the cert, but this had no effect.

Can anyone point me to a resource that explains how to properly create and implement a self-signed cert for XML signing and encryption in Windows 8?

Was it helpful?

Solution

This required creating a Certifying Authority installed in the localmachine Trusted Root Certifying Authority and then using it to sign a certificate used by the application.

This link provided the details that allowed me to accomplish this: http://www.digitallycreated.net/Blog/38/using-makecert-to-create-certificates-for-development
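As an added example (not the asker's or the answerer's code), the following PowerShell script carries out the answer's recipe on Windows 8 / Server 2012 with the built-in PKI module instead of MakeCert: a development CA trusted in LocalMachine\Root, a signing/encryption certificate issued from it, and read access on that certificate's private key for the application pool account. The CA and leaf subject names and the account name are placeholders; it assumes Windows PowerShell 5.1 (.NET Framework) run elevated.

```powershell
# Added example, not the asker's or answerer's code. Run in an elevated Windows PowerShell.
# Placeholder: the app pool account that will sign and decrypt the SAML assertion.
$AppPoolIdentity = 'DOMAIN\svc-sharepoint'

# 1. Development CA, created directly in LocalMachine\My so its private key can sign leaf certs.
$ca = New-SelfSignedCertificate -Type Custom -Subject 'CN=Dev SAML Test CA' `
    -KeyAlgorithm RSA -KeyLength 2048 -KeyUsage CertSign, CRLSign `
    -TextExtension @('2.5.29.19={critical}{text}CA=true&pathlength=0') `
    -CertStoreLocation 'Cert:\LocalMachine\My' -NotAfter (Get-Date).AddYears(5)

# 2. Trust the CA machine-wide: only its public certificate goes into Trusted Root.
$caPath = Join-Path $env:TEMP 'dev-saml-ca.cer'
Export-Certificate -Cert $ca -FilePath $caPath | Out-Null
Import-Certificate -FilePath $caPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 3. Leaf certificate issued by that CA. SignedXml/EncryptedXml on .NET Framework reach the key
#    through X509Certificate2.PrivateKey (RSACryptoServiceProvider, as in the stack trace above),
#    which requires a legacy CAPI provider rather than the default Key Storage Provider.
#    KeySpec KeyExchange lets one key both sign and unwrap the assertion's session key.
$leaf = New-SelfSignedCertificate -Type Custom -Subject 'CN=saml-signing.example.test' `
    -Signer $ca -KeyAlgorithm RSA -KeyLength 2048 -KeySpec KeyExchange `
    -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' `
    -KeyUsage DigitalSignature, KeyEncipherment -KeyExportPolicy Exportable `
    -CertStoreLocation 'Cert:\LocalMachine\My' -NotAfter (Get-Date).AddYears(2)

# 4. Grant the app pool identity read access to the private key file (the step the question
#    attempted with winhttpcertcfg). CAPI machine keys are stored under
#    %ProgramData%\Microsoft\Crypto\RSA\MachineKeys, named by the key container.
$container = $leaf.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile = Join-Path (Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys') $container
$acl = Get-Acl -Path $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($AppPoolIdentity, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# 5. Verify: the leaf must chain to a trusted root and expose a usable private key.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # the dev CA publishes no CRL
"Chain valid:   $($chain.Build($leaf))"
"HasPrivateKey: $($leaf.HasPrivateKey)"
"Thumbprint:    $($leaf.Thumbprint)"   # reference this thumbprint from the SAML application
```

Remove the CA's private key from LocalMachine\My once the leaf is issued if other people can log on to the integration server; the Root store only needs the public certificate.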

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow