X509Certificate.CreateFromCertFile - the specified network password is not correct

Question

I have a .NET application that I want to use as a client to call an SSL SOAP web service. I have been supplied with a valid client certificate called foo.pfx. T

Answer 1

You might need to user X509Certificate2() with a parameter of X509KeyStorageFlags.MachineKeySet instead. This fixed a similar issue we had. Credit to the original website that suggested this: http://vdachev.net/2012/03/07/c-sharp-error-creating-x509certificate2-from-a-pfx-or-p12-file-in-production/

Quoting:

Cause

The cause of the problem doesn’t seem to have much to do with the error messages. For some reason the constructor is trying to get access to the private key store although the private key is in stored in the file being opened. By default the user key store is used but ASP.NET (and probably non-interactive Windows services in general) are not allowed to open it. Chances are the user key store for the selected account doesn’t even exist.

Solution

One thing you could try is creating a user key store by logging into the account and importing a certificate in its Personal store (and then remove it again).

Another solution is to pass an additional parameter to the constructor – a flag indicating the private keys are (supposed to be) stored in the local computer – X509KeyStorageFlags.MachineKeySet, like this: var certificate = new X509Certificate2(fileName, password, X509KeyStorageFlags.MachineKeySet);

For a PFX with no password, then password can be specified as string.Empty.

See also https://stackoverflow.com/a/8291956/130352