发表新帖
发表新帖

X509Certificate.CreateFromCertFile - the specified network password is not correct

前端 未结
关注
7 1154
你的背包
你的背包 2020-12-14 16:23

I have a .NET application that I want to use as a client to call an SSL SOAP web service. I have been supplied with a valid client certificate called foo.pfx. T

相关标签:
7条回答
  • 一个人的身影
    2020-12-14 16:34

    In my case changing Identity to NetworkService in Application Pool solved this problem.

    0 讨论(0)
  • 隐瞒了意图╮
    2020-12-14 16:38

    In my case I was trying to run in the Private Application mode and I got the same error.

    The specified network password is not correct

    The PrivateAuthenticator constructor (in Xero.Api.Example.Applications.Private) was trying to import the certificate assuming there is no password defined during the creation of the certificate.

    _certificate = new X509Certificate2();
_certificate.Import(certificatePath);

    Then I changed the import to use an overload method which uses the password, 

    _certificate.Import(certificatePath, "mypasswordusedtocreatethecertificate",  X509KeyStorageFlags.MachineKeySet);
    0 讨论(0)
  • 旧巷少年郎
    2020-12-14 16:45

    The 'the specified network password is not correct' error message is also returned when the certificate you are trying to import in one of the OS stores is already present in that store.

    0 讨论(0)
  • 一生所求
    2020-12-14 16:52

    You might need to user X509Certificate2() with a parameter of X509KeyStorageFlags.MachineKeySet instead. This fixed a similar issue we had. Credit to the original website that suggested this: http://vdachev.net/2012/03/07/c-sharp-error-creating-x509certificate2-from-a-pfx-or-p12-file-in-production/

    Quoting:

    Cause

    The cause of the problem doesn’t seem to have much to do with the error messages. For some reason the constructor is trying to get access to the private key store although the private key is in stored in the file being opened. By default the user key store is used but ASP.NET (and probably non-interactive Windows services in general) are not allowed to open it. Chances are the user key store for the selected account doesn’t even exist.

    Solution

    One thing you could try is creating a user key store by logging into the account and importing a certificate in its Personal store (and then remove it again).

    Another solution is to pass an additional parameter to the constructor – a flag indicating the private keys are (supposed to be) stored in the local computer – X509KeyStorageFlags.MachineKeySet, like this: var certificate = new X509Certificate2(fileName, password, X509KeyStorageFlags.MachineKeySet);

    For a PFX with no password, then password can be specified as string.Empty.

    See also https://stackoverflow.com/a/8291956/130352

    0 讨论(0)
  • 借酒劲吻你
    2020-12-14 16:52

    You might need to X509KeyStorageFlags.MachineKeySet.

    I am using certificate from web job.

    0 讨论(0)
  • 感情败类
    2020-12-14 16:56

    Turns out that I was trying to create a certificate from the .pfx instead of the .cer file.

    Lesson learned...

    • .cer files are an X.509 certificate in binary form. They are DER encoded.
    • .pfx files are container files. Also DER encoded. They contain not only certificates, but also private keys in encrypted form.
    0 讨论(0)
 看不清?
提交回复
热议问题