3 posts tagged “x509”

View other items tagged “x509:” Photos, Audio, Videos, Books or Links. View “x509” on Vox.

Generating a self-signed certificate

There is a great tutorial on generating certificates below using both OpenSSL and the makecert methods.

http://www.codeplex.com/wikipage?ProjectName=webserver&title=HTTPS

Post a comment Tags: security, certificates, x509, self-issued

Automating your certificate installation

When was the last time you decided you needed to deploy a product of yours. How often is it that you run into a situation where configuration and the manual to installation of your projects becomes a royal pain in the neck? Well, for most, maybe not all that often, but for the few in the corporate world - this may happen all too often.


It's nice having ClickOnce features to do a lot of the work for us. But unfortunately ClickOnce can't handle all the nitty gritty components we would like it to.

Tool Number 1: Automated Installation of Certificates into the Certificate Store
You can use the CertMgr.exe to automate the use of importing certificates into a certificate store. The CertMgr comes with the .NET Framework SDK Tools and is typically located in  %ProgramFiles% \Microsoft SDKs\ Windows\ v6.0A\bin\certmgr.exe. Executing the following will import a certificate into the localmachine personal certificate store.

certmgr /add MyCertificate.pfx /r LocalMachine /s My -all
certmgr /del /n "My CertSubject Name" /r LocalMachine /s My -c

This makes it especially useful when you are working with services that require use of certificates. Believe it's a pain :/
Unfortunately, this method will not work for certificates that are password protected. For that, you can write up a little C# program that will take care of those password protected situations.

using System;
using System.Security.Cryptography.X509Certificates;
 
namespace AddCert
{
    class Program
    {
        static void Main(string[] args)
        {
            if (args.Length != 7 && args.Length != 5)
                Console.WriteLine("Usage: addcert cert.pfx /r LocalMachine /s My /pass mypass");
 
            string path = args[0];
            StoreLocation sl = (StoreLocation)Enum.Parse(typeof(StoreLocation), args[2]);
            StoreName sn = (StoreName)Enum.Parse(typeof(StoreName), args[4]);
 
            X509Store store = new X509Store(sn, sl);
            store.Open(OpenFlags.ReadWrite);
            if (args.Length == 5)
                store.Add(new X509Certificate2(path));
            else if (args.Length == 7)
                store.Add(new X509Certificate2(path, args[6]));
            store.Close();
        }
    }
}
 
To use that, you can simply compile to the exe, and run that from a batch file like anything else you can do.

Enjoy :)

Post a comment Tags: tools, automation, c#, deployment, certificates, x509, certmgr

Working with X509Certificates, Keysets and the Certificate Store

A thousand times over, I will explain this one seemingly simple concept. Whenever you feel like you are running into a keyset does not exist issue. There are several plausible causes to this.


As a quick measure, open Start - Run and type in MMC.

Click File - Add/Remove Snap-In - Select Certificates and Click Add. Select Computer and Local. Then OK.
  1. Make sure that the certificate you are looking for is actually in the certificate store. You can see above that I am in the Local Machine certificate store. If you are attempting to load a certificate from the LocalMachine Personal Store then it should be located there.

  2. Does the certificate have a private key? Every certificate is associated with a private key, but it may not actually be available with the certificate itself. And, depending on how you imported the certificate, many times the private key may have been imported under your user account - but if you by chance copied a certificate into a different store, the private key may not go with it. It's important that you import the certificates to the right place the first time.

  3. Does your process have sufficient rights to access the certificate? With a web-application you will need to grant the web app access through a tool called winhttpcertcfg.exe. Otherwise, you will probably need to run the process under the same account that the certificate is running with. System is sufficient for a certificate in the Local Machine. For developing in Vista and above, simply run Visual Studio in Administrator mode and you should have access to it.
And in case you were wondering exactly how to load a certificate in the first place. It's actually quite trivial. Use the following snippet to help with that.

X509Certificate2 cert = null;
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);

X509Certificate2Collection coll = store.Certificates.Find(X509FindType.FindBySubjectName, 
"MyCertSubjectName", false);
if (coll.Count == 1)
cert = coll[0];

store.Close();
return cert;

Enjoy :)

Post a comment Tags: c#, loading, certificates, exceptions, x509, certificate store, keyset not found
Thomas Holloway

About Me

Thomas Holloway
United States
View my profile
worry less, do more
Messaging:
Send

My Groups

View my groups

Neighborhood

Explore friends, family, friends & family, or entire neighborhood.

View my neighbors

Tags

View my tags

Archives