
I am using the below code to configure the SSL cert in a C# web API. The issue is I am finding the SSL cert using the serial number, and every time the SSL cert is reissued by Infra I have to update the cert serial number in the application config. Is there any cert property that remains the same after reissue?

using System.Security.Cryptography.X509Certificates;

// Opens LocalMachine\My (the default store for this constructor) read-only
X509Store store = new X509Store(StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
// The serial number must be passed as a hex string without spaces,
// i.e. as GetSerialNumberString() returns it
X509Certificate2Collection certificates = store.Certificates.Find(
                                                X509FindType.FindBySerialNumber,
                                                sslCertificateSerialNumber,
                                                false);
store.Close();

'sslCertificateSerialNumber' is coming from the config file

  • It is unclear what use case you are trying to implement here, i.e. why do you want to find a certificate from the store in the first place, and what properties the certificate you want to use should have. This is like picking a person by the birth date and then asking if there are other possible criteria to pick the person, without any other context on what properties the person should have. – Steffen Ullrich Dec 17 '20 at 07:05
  • I am configuring web API to run on HTTPS. I am finding the SSL cert I want to bind by serial number in the above code. I am looking for some other property that will not change on the reissue. Please note I don't want to bind the certificate to a port – Durgesh Sharma Dec 17 '20 at 07:18
  • Basically you are saying that you want something else without saying what is available as a unique criterion in your use case. Given your comment to the existing answer, for example, the subject is not available. Do you really expect others to just guess every possible thing that might help and then you come back with "nah, does not work either since it is not unique"? Please look at the certificates you have instead to figure out what is unique; nobody knows your certificates. – Steffen Ullrich Dec 17 '20 at 07:26
  • "Is there any cert property that remains the same after reissue?" - you're the one who (presumably) has two or more of these certificates available to you and can examine them. – Damien_The_Unbeliever Dec 17 '20 at 08:12

1 Answer


You can use FindBySubjectName; it's more useful. If you have multiple subjects, you can act like this:

        using System.Security.Cryptography.X509Certificates;

        // 'client' is assumed to be a WCF proxy (ClientBase<TChannel>) whose client certificate is being set
        X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        X509Certificate2Collection collection = store.Certificates;
        foreach (X509Certificate2 x509 in collection)
        {
            // Match on the SHA-1 thumbprint, then hand the certificate to WCF by its subject DN
            if (x509.Thumbprint == "5550541D10488D148BCAC0D289DED441609849FF")
            {
                client.ClientCredentials.ClientCertificate.SetCertificate(
                 x509.SubjectName.Name, store.Location, StoreName.TrustedPeople);
                break;
            }
        }
        store.Close();
Amir
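Neither lookup key used on this page survives a reissue: a CA assigns a fresh serial number to every certificate it signs, and the thumbprint is just the SHA-1 hash of the certificate bytes, so it changes as well. What normally stays constant is the subject DN (and the SANs) that the CSR asks for, plus the issuing CA. The following is an added C# example, not code from the question or from the answer above, that selects the certificate to bind by exact subject DN, optionally pinned to an issuer DN, and then picks the newest one that is currently valid and has a private key, so a reissued certificate is picked up without a config change as soon as Infra installs it. The method names, the `LocalMachine\My` store and the `CN=api.example.com, O=Example Corp` subject are assumptions for illustration; the `Main` method builds two constructed self-signed certificates in memory so the selection rule can be run offline without touching a store.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ServerCertificateSelector
{
    // Selection rule kept store-independent so it can be exercised in a test.
    // Matches the subject DN exactly (FindBySubjectName is a substring match on the CN and
    // would also accept "CN=api.example.com.internal"), optionally pins the issuer so a stray
    // self-signed or dev certificate with the same subject is ignored, and prefers the newest
    // certificate that is inside its validity window and has a private key.
    public static X509Certificate2 PickNewestValid(IEnumerable<X509Certificate2> candidates,
        string subjectDn, string issuerDn, DateTime now)
    {
        var cert = candidates
            .Where(c => string.Equals(c.Subject, subjectDn, StringComparison.OrdinalIgnoreCase))
            .Where(c => issuerDn == null || string.Equals(c.Issuer, issuerDn, StringComparison.OrdinalIgnoreCase))
            .Where(c => c.HasPrivateKey)                        // an HTTPS server cert is useless without it
            .Where(c => c.NotBefore <= now && now <= c.NotAfter) // drop expired and not-yet-valid ones
            .OrderByDescending(c => c.NotBefore)                 // the reissued cert is the newest
            .FirstOrDefault();

        if (cert == null)
            throw new InvalidOperationException(
                $"No valid certificate with a private key for subject '{subjectDn}' was found.");
        return cert;
    }

    // Store-backed wrapper: LocalMachine\My is assumed to be where Infra installs the cert.
    public static X509Certificate2 FromStore(string subjectDn, string issuerDn = null,
        StoreLocation location = StoreLocation.LocalMachine)
    {
        using var store = new X509Store(StoreName.My, location);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        return PickNewestValid(store.Certificates.Cast<X509Certificate2>(), subjectDn, issuerDn, DateTime.Now);
    }

    // Offline demo with two constructed self-signed certificates: an older one and a "reissue"
    // with the same subject and key but a new serial number and validity period.
    public static void Main()
    {
        using var key = RSA.Create(2048);
        X509Certificate2 Issue(DateTimeOffset notBefore)
        {
            var req = new CertificateRequest("CN=api.example.com, O=Example Corp", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(notBefore, notBefore.AddYears(1));
        }

        var original = Issue(DateTimeOffset.UtcNow.AddMonths(-11));
        var reissued = Issue(DateTimeOffset.UtcNow.AddDays(-1));

        // In production the DN comes from config and must equal cert.Subject as .NET renders it;
        // the demo reads it back from the constructed cert to avoid formatting surprises.
        string subjectDn = original.Subject;
        var picked = PickNewestValid(new[] { original, reissued }, subjectDn, null, DateTime.Now);

        Console.WriteLine($"serials differ:      {original.SerialNumber != reissued.SerialNumber}");
        Console.WriteLine($"thumbprints differ:  {original.Thumbprint != reissued.Thumbprint}");
        Console.WriteLine($"subjects equal:      {original.Subject == reissued.Subject}");
        Console.WriteLine($"picked the reissue:  {picked.Thumbprint == reissued.Thumbprint}");
    }
}
```

To feed this into an ASP.NET Core host without binding to a port yourself, hand the result to Kestrel, e.g. `options.ConfigureHttpsDefaults(h => h.ServerCertificate = ServerCertificateSelector.FromStore(configuredSubjectDn, configuredIssuerDn))` inside `ConfigureKestrel`. If the subject DN is not unique in your store (as the comments above suggest), pin the issuer DN as well, or extend the filter to a specific SAN DNS name; if the store may contain certificates from a CA you no longer trust, add an `X509Chain.Build` check before accepting a candidate.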