Working with X509Certificates, Keysets and the Certificate Store
A thousand times over, I will explain this one seemingly simple concept. Whenever you feel like you are running into a keyset does not exist issue. There are several plausible causes to this.
As a quick measure, open Start - Run and type in MMC.
Click File - Add/Remove Snap-In - Select Certificates and Click Add. Select Computer and Local. Then OK.
- Make sure that the certificate you are looking for is actually in the certificate store. You can see above that I am in the Local Machine certificate store. If you are attempting to load a certificate from the LocalMachine Personal Store then it should be located there.
- Does the certificate have a private key? Every certificate is associated with a private key, but it may not actually be available with the certificate itself. And, depending on how you imported the certificate, many times the private key may have been imported under your user account - but if you by chance copied a certificate into a different store, the private key may not go with it. It's important that you import the certificates to the right place the first time.
- Does your process have sufficient rights to access the certificate? With a web-application you will need to grant the web app access through a tool called winhttpcertcfg.exe. Otherwise, you will probably need to run the process under the same account that the certificate is running with. System is sufficient for a certificate in the Local Machine. For developing in Vista and above, simply run Visual Studio in Administrator mode and you should have access to it.
And in case you were wondering exactly how to load a certificate in the first place. It's actually quite trivial. Use the following snippet to help with that.
X509Certificate2 cert = null;
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection coll = store.Certificates.Find(X509FindType.FindBySubjectName,
"MyCertSubjectName", false);
if (coll.Count == 1)
cert = coll[0];
store.Close();
return cert;
Enjoy :)
My Groups
-
Social Media Group Updated: Yesterday
-
Technology and I Updated: Yesterday
-
Web 2.0 Updated: Yesterday
Neighborhood
Explore friends, family, friends & family, or entire neighborhood.
