Painful late night lessons with X509 Certificates

well it wasn’t a late night when I started.

I had to do some reconfiguration on the machine that I am using to do my wse2 demo tomorrow night at GUVSM in Montreal.

I am recreating some of these demos from scratch so I was practicing… ūüėČ

Suddenly I was getting errors on my user of an X509 Certificate.

Cryptography_CSP_NoPrivateKey

That was easily googled and the answer (in the newsgroups by the master himself … Jeffrey Hasan) with the notion that there was something wrong with my certificate installs.

That made perfect sense since I changed my windows login password today and that wipes them out. However I checked them and they were still there, so I didn’t worry. But now, I deleted and attempted (note that key word…) to reinstall them.

I was able to install 2 of the 3 sample certificates but was getting an error when imorting the private server certificate into the Local Computer/Personal store. The error is

“an internal error occurred. The private key that you are importing might require a cryptographic service provider that is not installed on your system.”

So I googled and found lots of problems with windows 2000 server. After about an hour of this, I was grabbing at straws, installed the certificate elsewhere and then just dragged and dropped it into the place I wanted. Tada. Problem solved. (Temporarily, since I do want to know why I can no longer import into that store.)

Almost.

However, in my reproduction of my demos I had forgotten something important.

I was now getting a new error message when running my demo that said :

The certificate’s trust chain could not be verfied with the following reaons: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Now I was really frustrated. I googled again with no real luck. Then poked around the newsgroups again and saw something that triggered my memory that I needed to check “Allow Test Roots” in the WSE Settings (or just hand code this into web.config).

So all is well now and I have added some google juice to future people who may have these problems as well.

And as we all know, these lessons are painful and exhausting, but they are the lessons that really ingrain this stuff into your head.

  Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!  

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.