X.509 certificate can't find with "FindBySubjectName"


Solution 1

I think you installed the certificate in the Trusted People location and are searching the store named My.

var store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var certs = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, certificateSubject, false);

Also, there are two search terms, FindBySubjectName or FindBySubjectDistinguishedName; the latter is more relevant with keywords and the first one will find anything with the search keywords.

So basically you need to look for the Subject, and if you use the above code then your search string would be "CN=urs.microsoft.com, O=DO_NOT_TRUST, OU=Created by http://fiddler2.com"

Certificate properties

Solution 2

https://i.stack.imgur.com/QtYvV.png

private X509Certificate2 GetCertificateFromStore()
{
    // Look in LocalMachine\My and match on the full subject distinguished name.
    var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    var certCollection = store.Certificates;
    // validOnly: false returns the certificate even if it does not pass validation.
    var currentCerts = certCollection.Find(X509FindType.FindBySubjectDistinguishedName, "CN=sf.sandbox.mapshc.com", false);
    return currentCerts.Count == 0 ? null : currentCerts[0];
}
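
An added example, not code from the question or the answers: it searches every standard store in both locations and reports where a certificate actually sits, which shows at once whether the storeName/storeLocation being searched is the wrong one. CertLocator and Locate are names made up here, and the default search value is the placeholder from the error message.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertLocator // hypothetical helper name
{
    // Returns one "Location\Store: subject [thumbprint]" line per match.
    public static List<string> Locate(X509FindType findType, string findValue)
    {
        // A DN search compares against the formatted encoded name, so normalise
        // separators first (throws CryptographicException if the value is not a DN).
        if (findType == X509FindType.FindBySubjectDistinguishedName)
            findValue = new X500DistinguishedName(findValue, X500DistinguishedNameFlags.None).Format(false);

        var hits = new List<string>();
        foreach (StoreLocation location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        foreach (StoreName name in Enum.GetValues(typeof(StoreName)))
        {
            using (var store = new X509Store(name, location))
            {
                // OpenExistingOnly: never create a store just by looking for it.
                try { store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); }
                catch (CryptographicException) { continue; } // store missing or not readable

                // validOnly: false so expired or untrusted certificates are still listed.
                foreach (X509Certificate2 cert in store.Certificates.Find(findType, findValue, false))
                    hits.Add($"{location}\\{name}: {cert.Subject} [{cert.Thumbprint}]");
            }
        }
        return hits;
    }

    static void Main(string[] args)
    {
        // Usage: CertLocator <X509FindType> <value>; defaults below are placeholders.
        bool hasArgs = args.Length > 1;
        var findType = hasArgs
            ? (X509FindType)Enum.Parse(typeof(X509FindType), args[0])
            : X509FindType.FindBySubjectName;
        string findValue = hasArgs ? args[1] : "Forename Surname";

        List<string> hits = Locate(findType, findValue);
        if (hits.Count == 0)
            Console.WriteLine($"No store contains a match for {findType} '{findValue}'.");
        foreach (string hit in hits)
            Console.WriteLine(hit);
    }
}
```

CurrentUser is resolved for the account the process runs as, so run this under the same identity as the service when checking what the service can see.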
Author by

Chris Dixon

Updated on July 09, 2022

Comments

  • Chris Dixon
    Chris Dixon almost 2 years

    After a brutal struggle with WCF Security, I think I'm at the final stage now and can see the light.

    I've got a Client certificate installed on my server, and it is now, as advised, in the Trusted People folder of the certificate store.

    However, when I try and read the certificate application -> service, I get this error:

    Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'Forename Surname'.

    With the "Forename Surname" being the "Issued to" part of my certificate. In all tutorials I have seen, this is just one word; is this the problem? I received my certificate from my CA with these two words, with a space.

    Anyone ever come across this, is there something I'm blatantly doing wrong?

    Update, cert can be seen here:

    Update:

    It gets even more strange:

    I installed Visual Studio on my web server, and used the following code to pick up the cert by Thumbprint:

    var store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    var certs = store.Certificates.Find(X509FindType.FindByThumbprint, "71995159BFF803D25BFB691DEF7AF625D4EE6DFB", false);
    

    This actually RETURNS a valid result. When I put this information into the web.config of my service/client though, I still get the error.

  • Chris Dixon
    Chris Dixon over 11 years
    I've tried both of those - storeName "TrustedPeople" and "FindBySubjectDistinguishedName" still return no results, how frustrating! I've updated my post with an image of my cert, should I definitely be using "CurrentUser" and not "LocalMachine"? The service and client are on the same web box.
  • indiPy
    indiPy over 11 years
    If the edits don't work, can you post a screenshot of the subject like I did, and also the code as well?
  • Chris Dixon
    Chris Dixon over 11 years
    I've got my Subject, but it's far more detailed than the screenshot above, it has address, postcode, email, etc, a very long string when all together. Do I need all of this?
  • indiPy
    indiPy over 11 years
    I think it doesn't matter, but you don't have to search with all keywords, just use the ones which are unique in context.
  • George Chakhidze
    George Chakhidze about 5 years
    A peculiar thing about searching using Distinguished Name is that it must be formatted verbatim as it is encoded inside the ASN.1 data, for example, "CN=Name, O=Company" is valid, while "CN=Name,O=Company" and "CN = Name, O = Company" are invalid. I'd suggest formatting it first using this code: new X500DistinguishedName("CN=Name,O=Company", X500DistinguishedNameFlags.None).Format(false) and passing the returned value to the Find method.