.NET Class for handling X.509 Certificates
Questions tagged [x509certificate2]
922 questions
24 votes, 4 answers
How to programmatically import a pfx with a chain of certificates into the certificate store?
I am trying to programmatically import an X509 certificate (pfx / PKCS#12) in my local machine's certificate store. This particular certificate has a chain of certificates, the certification path looks something like this:
Root certificate…

Edwin de Koning
24 votes, 1 answer
X509Certificate2.Verify() returns false always
Facing a really strange issue: X509Certificate2.Verify() returning false for a valid certificate. Maybe someone has already faced this strange scenario before and can shine some light on it.
I am using openssl to generate client certificates for…

Deb
24 votes, 10 answers
How do you parse the Subject Alternate Names from an X509Certificate2?
Is there an easy way to get the Subject Alternate Names from an X509Certificate2 object?
foreach (X509Extension ext in certificate.Extensions)
{
if (ext.Oid.Value.Equals(/* SAN OID */"2.5.29.17"))
{
…

noctonura
19 votes, 2 answers
Create X509Certificate2 from Cert and Key, without making a PFX file
In the past I have been making secure TcpListener by exporting a PFX certificate with a password, but would like to know if this step could be skipped.
I'm not using commercial SSL certificates, and have a Root CA, that I use to issue server…

Conrad
19 votes, 2 answers
Azure Key Vault Certificates does not have the Private Key when retrieved via IKeyVaultClient.GetCertificateAsync
I have 2 approaches to do the same thing, but Azure has deprecated the one that works, and the other method doesn't work.
The approach that works, but is deprecated:
I store my PFX in Azure Key Vault Secrets. (when I create the secret I see a…

Nandun
19 votes, 3 answers
C# and dotnet 4.7.1 not adding custom certificate for TLS 1.2 calls
I have the following C# code, constructing an https call with a custom certificate. When using Tls 1.1, the call works fine. When using Tls 1.2 the call breaks. Using curl with Tls 1.2 works fine as well.
C# Code:
X509Certificate2Collection…

Stephan Møller
19 votes, 1 answer
X.509 certificate: Is it a good idea (or bad) to add localhost in Subject Alternative Name?
We are deciding whether "localhost" (and similar addresses like "127.0.0.1") should be added as one of the subject alternative names in the certificate. One benefit might be to facilitate local testing. But will there be any drawback?

user180574
19 votes, 3 answers
In C#, sign an xml with a x.509 certificate and check the signature
I'm trying to sign an XML file using an x.509 certificate. I can use the private key to sign the document and then use the CheckSignature method (it has an overload that receives a certificate as parameter) to verify the signature.
The problem is…

willvv
19 votes, 1 answer
C# Export cert in pfx format
NET to export a certificate from the cert store into a PFX file. I'm trying to use the X509certificate2.Export method with the X509ContentType.Pfx flag set, but am unsure how to handle the returned byte array and output it correctly to file.
Any…

J Hunt
18 votes, 1 answer
Trouble signing a JWT token with an x509 Certificate
I'm having trouble signing a JWT token with a certificate that I created. I understand the fundamentals of how signing (public/private key) works, but the classes and toolsets are very confusing. I've been fussing with this example code for quite…

Ultratrunks
17 votes, 2 answers
Should I dispose of X509Certificate2?
I'm using IdentityServer4 and I want to load signing certificate from file. For example,
var certificate = new X509Certificate2(
path,
password,
X509KeyStorageFlags.EphemeralKeySet);
services.AddIdentityServer()
…

qwermike
17 votes, 1 answer
“error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure” when generating self signed certificate for Identity Server 4
We're developing a microservices app on Kubernetes. One of the microservices is IdentityServer instance. Initially, I want to test the solution locally on Docker to make sure it works. For this purpose, I want to copy the certificate to…

skyrunner
17 votes, 1 answer
.NET Core X509Certificate2 usage (under Windows/IIS, Docker, Linux)
I have been trying for a long time to use certificates in a .NET Core API.
Basically, where I need to use them is in a .NET Core web API running on IIS and Docker.
Certificates I need to use are for:
Microsoft.AspNetCore.DataProtection
public void…

monty
16 votes, 1 answer
KeyAlgorithm for SHA256
The PowerShell command below creates a self-signed certificate with SHA1 as signature algorithm.
New-SelfSignedCertificate -DnsName "MyCertificate", "www.contoso.com" -CertStoreLocation "cert:\LocalMachine\My" -Provider "Microsoft Strong…

Believe2014
16 votes, 2 answers
How do I programmatically find which certificate was used to sign a given certificate?
In my C# code I have an X509Certificate2 object which represents an SSL certificate (from a local store or from a successful HTTP request over SSL). The certificate is signed with some intermediate certificate which maybe is present in the local…

sharptooth