ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,612 questions
Why wouldn't an app recognize a Certificate with a CSP of "Microsoft Software Key Storage Provider"...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 54%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
David Gursky
0
Reputation points
...but will recognize the same Cert with the CSP set to "Microsoft Enhanced RSA and AES Cryptographic Provider"?
In other words, the app fails when I import the certificate into the server's local key store like this:
certutil.exe -importpfx <certificate file path>\<certificate file>
but works if I override the CSP like this:
certutil.exe -csp "Microsoft Enhanced RSA and AES Cryptographic Provider" -importpfx <certificate file path>\<certificate file>
Here is the relevant section of code:
var store2 = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
store2.OpenRead();
var coll2 = store2.FindCertificateBySubjectString(ConfigurationManager.AppSettings["<redacted>"]);
if (coll2.Count > 0) {
var cert2 = coll2[0];
var certType = cert2.GetType();
var cert3 = new X509Certificate2(cert2);
certType = cert3.GetType();
if (cert2.SupportsDigitalSignature) {
svc.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(cert2);
}
}
else throw new Exception("Certificate attachment failed.");
var currentUser = SessionHelper.CurrentUser;
var svcAddress = Settings.Default.App_Service_WebService;
results = svc.getresultsByPersonIdentifier(PersonIdentifier.Text, identifier.PI, out responseCd, out responseMsg);
The code throws an Invalid Service Provider when it invokes the web service at the end of the snippet.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 78%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBZ%3C/text%3E%3C/svg%3E)
Brando Zhang-MSFT 3,706 Reputation points Microsoft Vendor2024-08-19T01:52:48.2833333+00:00 In my opinion, this is related with the certificate you have imported and used, the default provider and the Microsoft AES Cryptographic Provider is the different, details, you could refer to this article.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 60%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
David Gursky 0 Reputation points2024-08-19T15:35:21.4366667+00:00 Thank you for responding , but I am afraid I do not understand how the article you referenced helps me resolve my issue. I understand that the article tells me the difference between the Base Provider, Strong Provider, and AES Provider. By the same token, I do not understand where to look in my app / server to identify / update the mismatch between this new X.509 certificate and what you are alluding to.
Sign in to comment
Sign in to answer