Ivan Zuzak
Hello. Sorry for crossposting, but I didn't have a better idea as to
where to post the question.
I'm using certificates to sign and encrypt SOAP messages, using WSE in .Net.
I want to do the following:
1) Generate a certificate to the system store.
2) Export the certificate from 1) to a file with only the public key, and
then import the file as a certificate into the system store, but on another
computer.
3) Export the certificate from 1) to a file/files, with the public AND
private key, and import the file/files as a certificate into the system
store, but on another computer.
I can do 1) with makecert, like this:
makecert -pe -n "CN=myName" -ss my
The certmgr utility (GUI) confirms that a certificate has been created, and
that a private key exists and can be accessed for this certificate.
Now, for 2) I do this:
certmgr -put -c -n myName -s my myName.cer //export to file
certmgr -add -c myName.cer -sm
The certmgr utility (GUI) confirms that a certificate has been added to the
system store, and that a private key does not exist for this certificate.
But I'm stuck with 3). I tried a few things, but nothing. ;( Here are a
few things I tried:
a) The certmgr utility (GUI) allows me to export a certificate with a private key
attached to a .pfx file, and then import it back into a store. But this can
only be done in the GUI mode of the certmgr utility. I need to automate
this process, and make it transparent to the user. The user only has to enter
the password for protecting the file which is being exported, and again when
it is imported. This is what I wish to achieve.
b) The makecert utility has options to generate a .pvk file with the private
key. I'm very confused by this. When I generate a private key to a file, the
private key is not associated with the certificate in the store. Why is
that? How do I tell the WSE (or whatever is in charge of this) that a
private key exists, so I can use it? And, when I try to generate a new
certificate using an existing private key .pvk file - the same thing
happens - the certificate "can't see" the private key.
Any other solution to my problem is ok, so that I can move the certificate
with the private key (or the key pair) from
one computer to another (and rebuild the certificate).
Any ideas?
Also, why can't I add certificates to an X509CertificateStore object? I
create an X509CertificateStore object, specifying the CurrentUser\Personal
store, get the X509CertificateCollection (using the .Certificates property)
and then add an X509Certificate (loaded from a file) - but nothing happens.
The X509CertificateCollection of the X509CertificateStore object is the same
as before calling the Add() method.
Also, when I load a certificate (created with the -pe option set, using the
makecert utility) from the system store to an X509Certificate object, I can't
access the private parameters of the .Key property of the X509Certificate
object. An exception is thrown saying that exporting private parameters is
not supported. The private key is there, but I can't access it.
Thanks in advance,
Ivan Zuzak
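
Steps 2) and 3) of the post done in code instead of the certmgr GUI, as an added example that is not part of the original post. It assumes the X509Certificate2, X509Store and CertificateRequest classes of later .NET versions rather than WSE's X509CertificateStore; CertTransfer and its method names are hypothetical, and the certificate and password are constructed samples.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper class; not WSE code and not from the original post.
static class CertTransfer
{
    // Step 2: DER-encoded certificate only (.cer). Contains no private key.
    public static byte[] ExportPublic(X509Certificate2 cert) =>
        cert.Export(X509ContentType.Cert);

    // Step 3: PKCS#12 (.pfx) with certificate and private key, protected by
    // the user's password. Throws CryptographicException when the key was
    // not created as exportable (makecert -pe).
    public static byte[] ExportWithKey(X509Certificate2 cert, string password) =>
        cert.Export(X509ContentType.Pfx, password);

    // Run on the target computer. PersistKeySet keeps the imported key so the
    // store entry stays linked to it. Exportable is left out on purpose: the
    // key cannot be exported again from the target machine.
    // StoreLocation.LocalMachine needs administrator rights.
    public static void ImportIntoStore(byte[] data, string password, StoreLocation location)
    {
        var flags = X509KeyStorageFlags.PersistKeySet;
        if (location == StoreLocation.LocalMachine)
            flags |= X509KeyStorageFlags.MachineKeySet;
        using (var cert = new X509Certificate2(data, password, flags))
        using (var store = new X509Store(StoreName.My, location))
        {
            store.Open(OpenFlags.ReadWrite); // Add fails on a read-only store
            store.Add(cert);
        }
    }

    static void Main()
    {
        const string pw = "constructed-sample-password";
        // Constructed sample certificate standing in for the makecert one.
        using (var rsa = RSA.Create(2048))
        using (var cert = new CertificateRequest("CN=myName", rsa,
                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
               .CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
        {
            var pub = new X509Certificate2(ExportPublic(cert));
            var full = new X509Certificate2(ExportWithKey(cert, pw), pw);
            Console.WriteLine(".cer has private key: " + pub.HasPrivateKey);
            Console.WriteLine(".pfx has private key: " + full.HasPrivateKey);
        }
    }
}
```

Main only round-trips the two blobs in memory; ImportIntoStore is the call to make on the other computer after reading the transferred file and prompting the user for the password.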