1

I'm trying to get a list of non-expired certificates from the cert stores of remote machines. For some machines this works fine, but for others I'm getting the following error:

```
Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The network path was not found.
at Internal.Cryptography.Pal.StorePal.FromSystemStore(String storeName, StoreLocation storeLocation, OpenFlags openFlags)
at System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags)
at GetCertificates(String server)
```

Here is the piece of code where this is coming from:

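```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Open the LocalMachine "My" store on the remote machine via its UNC-style name.
var store = new X509Store($@"\\{server}\My", StoreLocation.LocalMachine);
var certList = new List<X509Certificate2>();
try
{
     store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
     // Keep only certificates whose validity window includes the current time.
     certList = store.Certificates.Cast<X509Certificate2>()
                     .Where(x => x.NotBefore < DateTime.Now &&
                                 DateTime.Now < x.NotAfter).ToList();
}
catch (Exception e)
{
     throw;
}
finally
{
     store.Close();
}
```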

Any ideas why this may be happening for some machines and/or possible workarounds/solutions?

Thank you

sounami
  • 83
  • 3
  • According to the [constructor doc](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509store.-ctor?view=net-5.0), `new X509Store(this is a name, this is a location type)`. But your first actual parameter is a shared folder path, not a name. – Lei Yang Jul 02 '21 at 01:51
  • @LeiY, I based the code off of this solution which suggests remote paths/UNC can be used: https://stackoverflow.com/a/30945625/2048464 – sounami Jul 02 '21 at 13:22

2 Answers

1

Based on the exception given, it is due to an incorrect or invalid network path. Check whether you can access the remote server from the server where you have hosted the above code.

Darshani Jayasekara
  • 561
  • 1
  • 4
  • 14
  • Thanks for the reply, but I've verified that the network path/server is accessible. I can remote desktop into the machines and bring up their store via PowerShell and mmc using the same credentials. – sounami Jul 02 '21 at 13:25
  • Did you try to access them using your IIS app pool account? – Darshani Jayasekara Jul 02 '21 at 13:34
  • Yes, I used the same account. I think I may have found a solution. Thanks for your time! – sounami Jul 02 '21 at 14:43
0

Found a solution. I ran my application as an administrator and now it seems to be able to resolve the network paths. I'm guessing we have some configuration/permission setup for these servers that only allows 'admins' to access the certs remotely.

sounami
  • 83
  • 3
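
An added example, not code from the question or either answer: a per-server inventory of unexpired certificates that keeps going when one remote store cannot be opened, and records the error code alongside whether the calling process is elevated, since the answer above traced the failure to running without administrator rights. The names `RemoteCertInventory`, `IsElevated`, `ListValid` and the server names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class RemoteCertInventory // hypothetical name, Windows only
{
    // True when the process token carries the Administrators role
    // (false for a non-elevated process under UAC).
    static bool IsElevated()
    {
        using var identity = WindowsIdentity.GetCurrent();
        return new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator);
    }

    // Certificates in the remote LocalMachine "My" store that are valid right now.
    static List<X509Certificate2> ListValid(string server)
    {
        using var store = new X509Store($@"\\{server}\My", StoreLocation.LocalMachine);
        store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
        var now = DateTime.Now; // NotBefore/NotAfter are reported in local time
        return store.Certificates.Cast<X509Certificate2>()
                    .Where(c => c.NotBefore <= now && now <= c.NotAfter)
                    .ToList();
    }

    static void Main()
    {
        var servers = new[] { "server01", "server02" }; // constructed sample names
        Console.WriteLine($"Running elevated: {IsElevated()}");
        foreach (var server in servers)
        {
            try
            {
                foreach (var cert in ListValid(server))
                    Console.WriteLine($"{server}\t{cert.Thumbprint}\t{cert.NotAfter:yyyy-MM-dd}\t{cert.Subject}");
            }
            catch (CryptographicException e)
            {
                // One unreachable or restricted store should not stop the inventory.
                Console.Error.WriteLine($"{server}\tFAILED 0x{e.HResult:X8}\t{e.Message}");
            }
        }
    }
}
```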