3

I'm trying to import a certificate (S/MIME) with the .p7b extension into the Windows store.

This is the current code

X509Certificate2 cert = new X509Certificate2(@"C:\test_public_cert.p7b");
X509Store store = new X509Store(StoreName.AddressBook, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);

It gave me an error that "Cannot find the original signer".

Remark: This code is working with .cer extensions (DER & Base 64).

Can anyone please help identify the possible root cause?

Thanks.

PS. VS2010, Windows Server 2008 R2

Edit1: test_public_cert.p7b was exported from public key on another server via mmc console.

tong

1 Answer

9

I encountered this problem in the past with the .p7b extension. There are two ways I found you can solve this. In the end I ended up using number 1. Number 2 is something you already found out by exporting to a .cer. You can also try to use option 3 but I am not sure if that will fully work.

1. Use SignedCms instead of the X509Certificate class.

For more details, see Enveloped PKCS #7 Signatures.

2. Loading a .p7b only includes the certificate file, which probably doesn't include the private key. Install the private key on the server where it was generated and then export it as a .pfx file and move it to the server you want to use.

3. Since a .p7b file contains the whole certificate chain and not just one certificate, you can try the following method to add this to the Windows store.

// Import every certificate in the .p7b (the whole chain), not just one.
X509Certificate2Collection certCollection = new X509Certificate2Collection();
certCollection.Import(@"C:\test_public_cert.p7b");
X509Store store = new X509Store(StoreName.AddressBook, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.AddRange(certCollection);
store.Close();  // release the store handle when done
Rutix
  • Thx for the reply. I know how to use the SignedCms class to encode or decode a message, but I could not figure out yet how to make use of it to import a cert to the store. – tong Mar 31 '14 at 05:55
  • A .p7b contains the certificate chain and not a single certificate. You can use the SignedCms to decode the .p7b, pull the correct raw bytes and use them to create an X509Certificate2 and try to store that. I also edited the original answer with a third option. – Rutix Mar 31 '14 at 09:12
  • Thanks for the 3rd option, I can get some idea to work further. Btw, I will try the SignedCms class also. – tong Mar 31 '14 at 13:18
  • 2
    For anyone finding this thread and wanting to use PowerShell, your solution looks like this in PowerShell:
    $certcoll = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $certcoll.Import($FilePath)
    $x509Store = New-Object System.Security.Cryptography.X509Certificates.X509Store $StoreName,$Location
    $x509Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    $x509Store.AddRange($certcoll)
    $x509Store.Close()
    – Adam Bertram Oct 09 '15 at 15:37
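
The SignedCms route from option 1 and the comments, as an added example that is not part of the original answer or comments: it decodes the .p7b, skips certificates marked as CAs, and adds the rest to the store with their thumbprints logged. The class name P7bImporter and the CA filter are assumptions of this example; the path and store are the ones from the question, and the file is assumed to be DER (binary) encoded.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography.Pkcs;              // needs a reference to System.Security.dll
using System.Security.Cryptography.X509Certificates;

static class P7bImporter   // hypothetical name, for illustration only
{
    // True when the certificate carries a BasicConstraints extension with CA=true.
    // Assumption: old v1 roots without this extension are not detected as CAs.
    static bool IsCa(X509Certificate2 cert)
    {
        return cert.Extensions.OfType<X509BasicConstraintsExtension>()
                   .Any(bc => bc.CertificateAuthority);
    }

    static void Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : @"C:\test_public_cert.p7b";

        // A certs-only .p7b is PKCS #7 SignedData without a signer, so decode
        // it as a CMS message and read its certificate bag directly.
        var cms = new SignedCms();
        cms.Decode(File.ReadAllBytes(path));

        var store = new X509Store(StoreName.AddressBook, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            foreach (X509Certificate2 cert in cms.Certificates)
            {
                if (IsCa(cert))
                {
                    // Keep issuing and root CAs out of the "Other People" store.
                    Console.WriteLine("Skipped CA: {0}", cert.Subject);
                    continue;
                }
                store.Add(cert);
                Console.WriteLine("Added {0} ({1})", cert.Subject, cert.Thumbprint);
            }
        }
        finally
        {
            store.Close();
        }
    }
}
```

Writing to a LocalMachine store requires an elevated process; compare the printed thumbprint with the one shown on the exporting server before relying on the imported certificate.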