Empty PrivateKey at x509certificate2

I installed the certificate in the local store (Win7) with a private key. In C# code, I do this:

        X509Certificate2 cert = null;
        var store = new X509Store(storeName, storeLocation);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var result = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
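            ServicePointManager.Expect100Continue = true;
            // SecurityProtocolType.Tls enables TLS 1.0 only.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            // This callback accepts any server certificate, so server validation is disabled.
            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };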
            cert = result.Count > 0 
                ? result[0] 
                : null;
        }
        finally
        {
            store.Close();
        }
        return cert;

      

In the cert variable, I have my certificate. BUT something is wrong: HasPrivateKey is true, but PrivateKey does not have any object. And if I post it with a REST request in the C# code of my web application, I have errors:

        AcquireCredentialsHandle() failed with error 0X8009030D.
        The request was aborted: Could not create SSL/TLS secure channel.

      

All rights are granted for the certificate in the store. Help with this, what's wrong?

Certutil result in Russian (I hide confidential information with "***"):

certutil -store my "cf 35 63 34 14 30 a0 32 ca 4a 58 b9 7a 7a ab 18 a4 47 7d a4"
================  0 ================
 : 100030
: ******************************
 NotBefore: 07.07.2015 5:00
 NotAfter: 24.12.2023 4:59
: ********************************
  
:
 (sha1): cf 35 63 34 14 30 a0 32 ca 4a 58 b9 7a 7a ab 18 a4 47 7d a4
    = 94c3b04b44d51674a1b7de89c10bd7d7_09614f03-cc81-44e6-a978-81773242876c
    : CertReq-ceda22d5-2893-496a-b8c1-5c9ceaed82f1
   = Microsoft Strong Cryptographic Provider
  

      



1 answer


I solved the problem. I removed the certificate from the store, then exported the installed certificate from the current user store to a .pfx file and imported it into the machine store. The PrivateKey now has an object. In the next step, I changed the protocol type from Tls to Tls12 (works for Win7+):

        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

      

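An added example, not part of the original question or answer: a lookup like the one in the question that also confirms the running account can open the private key before the certificate is used for TLS, and that selects TLS 1.2 without overriding server certificate validation. It assumes .NET Framework; `ClientCertCheck` and `LoadUsableCertificate` are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
static class ClientCertCheck
{
    // Hypothetical helper: find the certificate and prove this account can open its key.
    public static X509Certificate2 LoadUsableCertificate(
        StoreName name, StoreLocation location, string thumbprint)
    {
        // Keep hex digits only: certutil prints the hash with spaces, and thumbprints
        // pasted from the certificate dialog can carry invisible characters.
        string clean = new string(thumbprint.Where(Uri.IsHexDigit).ToArray());
        var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, clean, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Not found in " + location + "\\" + name);
            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no linked private key.");
            // HasPrivateKey only reports that a key is linked to the certificate.
            // Opening it fails when this account cannot reach the key container.
            AsymmetricAlgorithm key;
            try { key = cert.PrivateKey; }
            catch (CryptographicException ex)
            {
                throw new InvalidOperationException(
                    "Key cannot be opened by account " + Environment.UserName, ex);
            }
            if (key == null)
                throw new InvalidOperationException("PrivateKey returned null.");
            return cert;
        }
        finally { store.Close(); }
    }
    static void Main()
    {
        // TLS 1.2 as in the answer. ServerCertificateValidationCallback is left
        // unset, so the server certificate is still validated.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        // Thumbprint in the spaced form certutil printed in the question.
        var cert = LoadUsableCertificate(StoreName.My, StoreLocation.LocalMachine,
            "cf 35 63 34 14 30 a0 32 ca 4a 58 b9 7a 7a ab 18 a4 47 7d a4");
        Console.WriteLine(cert.Subject + ": private key opened");
    }
}
```

Run it under the same account as the web application, since access to the key container is granted per account.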






