While creating a client for a web service, I came across the following.
The web service uses HTTPS with a client certificate, which I imported into the certificate store:
```csharp
using System.Security.Cryptography.X509Certificates;

// Load the PFX/PKCS#12 bytes with their password and add the certificate to the chosen store.
var cert = new X509Certificate2(certificate, password);
var store = new X509Store(storeName, storeLocation);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
```
Pretty simple!
While this worked on my local machine, it did not work on the workstations the client actually runs on. The default response to any request sent from these clients was ‘Could not create SSL/TLS secure channel.’
At first I thought it had something to do with user rights. Nope: importing the certificate by hand as the same user the client process runs under did work. After some trial and error I discovered that Windows 8.1 apparently stores the private key by default, while Windows XP POSReady and Windows 7 POSReady do not. Without the private key in the store, the client cannot authenticate itself during the TLS handshake, so the channel cannot be created.
By adding the appropriate X509KeyStorageFlags (PersistKeySet and DefaultKeySet), Windows POSReady also stores the private key:
```csharp
using System.Security.Cryptography.X509Certificates;

// PersistKeySet keeps the private key in its key container after import instead of
// deleting it when the certificate object is disposed; DefaultKeySet uses the default
// key set (usually the user key set).
var cert = new X509Certificate2(certificate, password,
    X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.DefaultKeySet);
```
Now the certificate is imported correctly, and no more ‘Could not create SSL/TLS secure channel.’
Problem solved!
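The difference between the two imports only shows up when the entry is read back from the store, so a practitioner will want a check that fails loudly at install time rather than at the first TLS handshake. The following helper is an added example, not code from the original post: it imports the PFX with the persisting flags, re-opens the store, finds the certificate by thumbprint and asserts that the stored entry still carries its private key. The class and method names, and the store name/location and PFX bytes/password passed in by the caller, are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (added example, not from the original post).
public static class ClientCertInstaller
{
    public static X509Certificate2 ImportWithPersistedKey(
        byte[] pfxBytes, string password, StoreName storeName, StoreLocation storeLocation)
    {
        // PersistKeySet keeps the private key in its key container instead of deleting it
        // when the X509Certificate2 object is disposed; DefaultKeySet uses the default key
        // set (usually the user key set).
        var cert = new X509Certificate2(pfxBytes, password,
            X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.DefaultKeySet);

        var store = new X509Store(storeName, storeLocation);
        store.Open(OpenFlags.ReadWrite);
        store.Add(cert);
        store.Close();

        // Verify by reading the entry back. A certificate whose private key was not
        // persisted is still found by thumbprint, but HasPrivateKey is false and the
        // TLS client authentication will fail with 'Could not create SSL/TLS secure channel'.
        var check = new X509Store(storeName, storeLocation);
        check.Open(OpenFlags.ReadOnly);
        try
        {
            var found = check.Certificates.Find(
                X509FindType.FindByThumbprint, cert.Thumbprint, validOnly: false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate was not added to the store.");
            if (!found[0].HasPrivateKey)
                throw new InvalidOperationException(
                    "Certificate is in the store but its private key was not persisted.");
            return found[0];
        }
        finally
        {
            check.Close();
        }
    }
}
```

The returned certificate is the store-backed instance, which is the one to hand to the HTTP client (for example via HttpWebRequest.ClientCertificates) so the request uses the persisted key rather than the temporary one created during import.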
More info: