4

I have a .p12 file for my ASP.NET application to connect to a web service via HTTPS.

I am trying to import the .p12 file into the Local Machine/My store. The .p12 file contains more than one certificate. One contains the private key and the other is the CA certificate to complete the chain.

Currently I am using the `System.Security.Cryptography.X509Certificates.X509Certificate2` object's `Import` method to import this file into the store. Today I noticed that the CA certificate is not getting imported, only the main certificate containing the private key is getting imported using this method. After further review of MSDN I have found the following rule regarding the `Import` method:

> Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.

Can anyone suggest to me another method for importing the .p12 file programmatically that will actually import all certificates in the file? I am using PowerShell to perform this function.

balexandre
Tyler
  • Can you be more accurate on what you want to do? Your .P12 file contains a public key, a private key and a CA chain. Do you want to install the CA public key? – JPBlanc Oct 06 '11 at 01:36
  • I want to install all certificates contained in the .p12 file including the public key, private key and CA public key. Some additional research has led me to believe that since I'm performing this in PowerShell that I should use the certutil command with the -importpfx flag. – Tyler Oct 06 '11 at 01:59
  • As far as I understand, the CA public key is not part of the classic import of a .P12. When you double-click on a P12 file on Windows, it does not import the CA public key into the root CA certificate store. – JPBlanc Oct 06 '11 at 02:30
  • I agree, the CA public key is not part of the classic import of a .P12 file, and you're right that when you double-click on a p12 file Windows does not import the CA public key. However, if you use MMC to import the file instead of double-clicking on it, it does import the CA public key along with the other certificate. – Tyler Oct 06 '11 at 12:08
  • I was also going to suggest [CERTUTIL.EXE](http://technet.microsoft.com/en-us/library/cc732443%28v=ws.10%29.aspx) with the `-importPFX` flag... but I see you've already mentioned that. – ewall Oct 20 '11 at 15:09

1 Answer

4

Instead of using the X509Certificate2.Import method, use the X509Certificate2Collection.Import method. It will give you all certificates from the .p12 file.

You can then add each certificate to its appropriate store.

Björn
Henning Krause
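One way to apply the answer above from PowerShell, as an added example that is not part of the original answer. The file path and the expected root thumbprint are placeholders, and the store mapping (key-bearing certificate to `My`, self-signed certificate to `Root`, anything else to `CertificateAuthority`) is an assumption about what "appropriate store" means here.

```powershell
# Added example. Run from an elevated session: LocalMachine stores need admin rights.
$pfxPath      = 'C:\path\to\client.p12'        # placeholder path
$expectedRoot = '<EXPECTED-ROOT-THUMBPRINT>'   # placeholder; confirm out of band

# X509Certificate2Collection.Import takes a plain string password, so prompt
# securely and convert only for the call.
$secure = Read-Host -Prompt 'PFX password' -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

# MachineKeySet + PersistKeySet keeps the private key in the machine key
# container after this process exits.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'

$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import($pfxPath, $plain, $flags)

foreach ($cert in $certs) {
    if ($cert.HasPrivateKey) {
        $name = [System.Security.Cryptography.X509Certificates.StoreName]::My
    }
    elseif ($cert.Subject -eq $cert.Issuer) {
        # Subject equal to Issuer is used here as the self-signed (root) test.
        # Anything placed in Root is trusted machine-wide, so only accept the
        # root whose thumbprint was confirmed beforehand.
        if ($cert.Thumbprint -ne $expectedRoot) {
            Write-Warning "Skipping unexpected root $($cert.Subject) [$($cert.Thumbprint)]"
            continue
        }
        $name = [System.Security.Cryptography.X509Certificates.StoreName]::Root
    }
    else {
        # Intermediate CA certificate
        $name = [System.Security.Cryptography.X509Certificates.StoreName]::CertificateAuthority
    }

    # Passing the StoreName enum (not a string) selects the system store.
    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $name, $location
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try     { $store.Add($cert) }
    finally { $store.Close() }
    Write-Output "$($cert.Thumbprint) -> LocalMachine\$name"
}
```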