"The specified network password is not correct" on a certificate without a password, on live server only

Question

I'm using kentor authservices in a SAML service provider project built in asp webforms.

It works great on the development machine but when I put it on the production server (windows 2012 R2, IIS 8), the X509Certificates.X509Utils._LoadCertFromFile call throws an exception "The specified network password is not correct."

Only, the certificate (pfx) has no password and the location it sits in is not secured in any unusual way that I can see, but to be sure i've tried with 'everyone' temporarily granted full access to the folder.

The section of the web config relevant is:

<serviceCertificates>
  <add fileName="~/App_Data/M_SSO_SP.pfx"/>
</serviceCertificates>

Though I don't think it is code related, based on it working fine on the development machine - possibly some server-side problem with the certificate?

Any help would be appreciated greatly.

score 2 · Accepted Answer · edited May 23 '17 at 12:16

2

Looks like getting this error when loading a certificate from file is a known error: ASP.NET - The specified network password is not correct

Kentor.AuthServices doesn't set the MachineKeySet flag as suggested, which it probably should. I've filed an issue in the github repo that it should be fixed. Please follow up on that issue to see when a fix is avilable.

edited May 23 '17 at 12:16

Community

1
1

answered Apr 21 '16 at 18:58

Anders Abel

67,989
17
150
217

Great, thanks Anders! I did see the comment post on http://stackoverflow.com/questions/8286110/asp-net-the-specified-network-password-is-not-correct - is it possible to do this without 'filling up the disk' as the comment implies? – David Apr 22 '16 at 07:26
1

I didn't know of that filling up the disk risk. The [stubidp](http://stubidp.kentor.se) runs on Azure and loads the cert with the `MachineKeySet` flag and I've not seen any issues in the years it's been online. – Anders Abel Apr 22 '16 at 08:42
Ah ok, it's probably fine then, none of the other posts i've seen about the machinekeyset mention it. Thanks! – David Apr 22 '16 at 08:48
It seems this exact issue is now affecting the Core sample Startup class - `options.SPOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx"));` in \Samples\SampleAspNetCore2ApplicationNETFramework\Startup.cs - I had to change it to `options.SPOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx", "", X509KeyStorageFlags.MachineKeySet));` – jaycer Jun 08 '18 at 20:11

score 0 · Answer 2 · answered Jan 21 '20 at 07:11

0

I had the same issue, problem solved after I installed my pfx file on server.

answered Jan 21 '20 at 07:11

Sayedeh Mahshid Fatemi

163
1
6

try this: leave the password blank and press enter while installing – Sayedeh Mahshid Fatemi Apr 01 '22 at 05:08
It appears our Windows Server version was the issue. Installing in a newer version of Windows Server (WS 2019) worked. Windows Server 2008 or 2012 does not work. – Dan May 25 '22 at 14:53

"The specified network password is not correct" on a certificate without a password, on live server only

2 Answers2