Export and Import certificates with private keys

Discussion in 'ASP .Net Web Services' started by Ivan Zuzak, Feb 11, 2005.

  1. Ivan Zuzak

    Ivan Zuzak Guest

    Hello. Sorry for crossposting, but i didn't have a better idea as to
    where to post the question.

    I'm using certificates to sign and encrypt SOAP messages, using WSE in .Net.
    I want to do the following:
    1) Generate a certificate to the system store.
    2) Export the certificate from 1) to a file with only the public key, and
    then import the file as a certificate into the system store, but on another
    3) Export the certificate from 1) to a file/files, with the public AND
    private key, and import the file/files as a certificate into the system
    store, but on another computer.

    I can do 1) with makecert, like this:
    makecert -pe -n "CN=myName" -ss my
    The certmgr utility (GUI) confirms that a certificate has been created, and
    that a private key exists and can be accessed for this certificate.

    Now, for 2) i do this:
    certmgr -put -c -n myName -s my myName.cer //export to file
    certmgr -add -c myName.cer -sm
    The certmgr utility (GUI) confirms that a certificate has been added to the
    system store, and that a private key does not exist for this certificate.

    But, i'm stuck with 3). I tried a few things, but nothing. ;(. Here are a
    few things i tried:
    a)Certmgr utility (GUI) allows me to export a certificate with a private key
    attached to a .pfx file, and then import it back into a store. But this can
    only be dont in the GUI mode of the certmgr utility. I need to automatize
    this proces, and make it transparent to the user. The user only has to enter
    the password for protecting the file which is being exported, and again when
    it is imported. This is what i wish to achieve.
    b)The makecert utility has options to generate a .pvk file with the private
    key. I'm very confused by this. When i generate a private key to a file, the
    private key is not associated with the certificate in the store. Why is
    that? How do i tell the WSE (or whatever is in charge for this) that a
    private key exists, so i can use it? And, when i try to generate a new
    certificate using an existing private key .pvk file - the same thing
    happens - the certificate "can't see" the private key.

    Any other solution to my problem is ok, so that i can move the certificate
    with the private key (or the key pair) from
    one computer to another (and rebuild the certificate).
    Any ideas?

    Also, why can't i add certificates to a X509CertificateStore object? I
    create a X509CertificateStore object, specifying the CurentUser:personal
    store, get the X509CertificateCollection (using the .Certificates property)
    and then add a X509Certificate (loaded from a file) - but nothing happens.
    The X509CertificateCollection of the X509CertificateStore object is the same
    as before calling the Add() method.

    Also, when i load a certificate (created with the -pe opetion set, using the
    makecert utility) from the system store to a X509Certificate object, i cant
    access the private parameters of the .Key property of the X509Certificate
    object. An exception is thrown saying that exporting private parameters is
    not supported. The private key is there, but i cant access it.

    Thanks in advance,
    Ivan Zuzak
    Ivan Zuzak, Feb 11, 2005
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Xavier
    Mar 3, 2004
  2. Brian R.

    HttpWebRequest and PAssowrd Protected Private Keys

    Brian R., Apr 12, 2007, in forum: ASP .Net Security
    Steven Cheng[MSFT]
    Apr 23, 2007
  3. n33470

    Are SSL certificates and x.509 certificates the same?

    n33470, Dec 14, 2005, in forum: ASP .Net Web Services
    Dec 14, 2005
  4. Adam Akhtar
    Eleanor McHugh
    Nov 28, 2009
  5. Steve
    Oct 25, 2007

Share This Page