X509Certificate.CreateFromCertFile - the specified network password is not correct

Question

I have a .NET application that I want to use as a client to call an SSL SOAP web service. I have been supplied with a valid client certificate called foo.pfx. T

Answer 1

Depending on your situation you probably need to install the certificate on the server first to get the trust level up before you export the .cer file.

I had to do this for a similar project and here were my notes on how it was accomplished.

Replace the Foo.cer with an export of the certificate installed on the server. (Install the cert from the pfx file and then export it to a cer file.)

• Command for IIS6 to allow IIS_WPG group access to the cert key. Need to install winhttpcertcfg (You can follow the link below to grab your own copy).

  C:\Program Files\Windows Resource Kits\Tools>winhttpcertcfg -i (Path to pfx file, eg. e:\Certs\Foo.pfx) -c LOCAL_MACHINE\My -a IIS_WPG -p (Password for pfx file)

• Spits out key info and grants privilege

  Granting private key access for account:

    (SERVERNAME)\IIS_WPG
  

Download WinHttpCertCfg.msi here that installs the exe.

More info on how to use the cert config can be found here.

Then it just goes back to how you are doing your cert push.

//Cert Challenge URL 
Uri requestURI = new Uri("https://someurl");

//Create the Request Object
HttpWebRequest pageRequest = (HttpWebRequest)WebRequest.Create(requestURI);

//After installing the cert on the server export a client cert to the working directory as Foo.cer
string certFile = MapPath("Foo.cer");
X509Certificate cert = X509Certificate.CreateFromCertFile(certFile);

        
//Set the Request Object parameters
pageRequest.ContentType = "application/x-www-form-urlencoded";
pageRequest.Method = "POST";
pageRequest.AllowWriteStreamBuffering = false;
pageRequest.AllowAutoRedirect = false;
pageRequest.ClientCertificates.Add(cert);

This how I passed the cert but not sure exactly what you are needing to do with your cert so this might not be the same for you.