W
Will
It seems that I have scoured the net and came up empty
handed.
I have an ASP.net app that posts xml to another company's
servlet. For some transactions, they do not require a
certificate, but others do. I started building this app
with the transactions that did not require the cert, but
put in the code to use the cert anyhow. I have been
running for several months thinking that I was using my
cert, but now that I'm trying to build the transactions
that REQUIRE the cert- It turns out that the cert is not
ACTUALLY being used.
I called my contact at the other company and they say
their system never sees my cert being used.
I'm using what appears to be the 'standard' code that
eveyone else uses:
//########################################################
########
....Load XML
HttpWebRequest objRequest = (HttpWebRequest)
WebRequest.Create
("https://other.large.company.com/theirServlet");
objRequest.Method = "POST";
objRequest.ContentLength = xmlDoc.InnerXml.Length;
objRequest.ContentType = "text/xml";
objRequest.Timeout = 30000;
objRequest.ClientCertificates.Add
(X509Certificate.CreateFromCertFile
(Global.appPath+@"cert.cer"));
//
//ServicePointManager.CertificatePolicy = new CertPolicy
();
//
Response.Write
("certcount="+objRequest.ClientCertificates.Count.ToString
()+"<BR>");
....POST XML
....Get Response
....Process Response XML
ServicePoint sp = ServicePointManager.FindServicePoint
(objRequest.RequestUri);
if(sp.ClientCertificate!=null) Response.Write
("sp.ClientCertificate = "+sp.ClientCertificate.GetName()
+"<BR>");
else Response.Write("ClientCertificate is null<BR>");
if(sp.Certificate!=null) Response.Write("sp.Certificate
= "+sp.Certificate.ToString(true)+"<BR>");
else Response.Write("Certificate is null<BR>");
//########################################################
########
RESPONSE.WRITE OUTPUTS:
certcount=1
ClientCertificate is null
sp.Certificate = CERTIFICATE: Format: X509 Name: C=US,
S=Missouri, O=.....(edited out- this is the other
company's cert)
I've tried the "new CertPolicy()" route, but it doesn't
change anything. The Response.Write shows "certcount=1",
so it seems that it is loading it. I used GetName() on it
and it was the correct cert too. I'm not sure if
sp.Certificate sould have MY cert listed or theirs (as it
does).
The cert is installed on the server. I installed the
cert.pfx file and then exported it to cert.cer. In old
ASP, I had to use winhttpcertcfg.exe to give the
IWAM_COMPUTER user access to the cert, so I did this
again. But still nothing.
Oddly, the cert is under CURRENT_USER\MY where as before
it was under LOCAL_MACHINE\MY. Does this make a
difference?
I read somewhere that HttpWebRequest looks at the cert I
loaded, finds it in the store, and then uses it.
This is the only way for it to get the Private Key? Is
this true?
If so, then how do I know if it found it in the store? or
didn't?
How else can I possibly make a connection like
this!? .cer files don't have the Private Key. The Private
Key is required!
It is very hard to find the problem when there isn't any
kind of 'status' or monitoring of the actual connection
AND no errors. The other company just returns XML
saying "Basic authorization is not allowed for this
transaction".
-Hope someone can help!
-Will.K
..
handed.
I have an ASP.net app that posts xml to another company's
servlet. For some transactions, they do not require a
certificate, but others do. I started building this app
with the transactions that did not require the cert, but
put in the code to use the cert anyhow. I have been
running for several months thinking that I was using my
cert, but now that I'm trying to build the transactions
that REQUIRE the cert- It turns out that the cert is not
ACTUALLY being used.
I called my contact at the other company and they say
their system never sees my cert being used.
I'm using what appears to be the 'standard' code that
eveyone else uses:
//########################################################
########
....Load XML
HttpWebRequest objRequest = (HttpWebRequest)
WebRequest.Create
("https://other.large.company.com/theirServlet");
objRequest.Method = "POST";
objRequest.ContentLength = xmlDoc.InnerXml.Length;
objRequest.ContentType = "text/xml";
objRequest.Timeout = 30000;
objRequest.ClientCertificates.Add
(X509Certificate.CreateFromCertFile
(Global.appPath+@"cert.cer"));
//
//ServicePointManager.CertificatePolicy = new CertPolicy
();
//
Response.Write
("certcount="+objRequest.ClientCertificates.Count.ToString
()+"<BR>");
....POST XML
....Get Response
....Process Response XML
ServicePoint sp = ServicePointManager.FindServicePoint
(objRequest.RequestUri);
if(sp.ClientCertificate!=null) Response.Write
("sp.ClientCertificate = "+sp.ClientCertificate.GetName()
+"<BR>");
else Response.Write("ClientCertificate is null<BR>");
if(sp.Certificate!=null) Response.Write("sp.Certificate
= "+sp.Certificate.ToString(true)+"<BR>");
else Response.Write("Certificate is null<BR>");
//########################################################
########
RESPONSE.WRITE OUTPUTS:
certcount=1
ClientCertificate is null
sp.Certificate = CERTIFICATE: Format: X509 Name: C=US,
S=Missouri, O=.....(edited out- this is the other
company's cert)
I've tried the "new CertPolicy()" route, but it doesn't
change anything. The Response.Write shows "certcount=1",
so it seems that it is loading it. I used GetName() on it
and it was the correct cert too. I'm not sure if
sp.Certificate sould have MY cert listed or theirs (as it
does).
The cert is installed on the server. I installed the
cert.pfx file and then exported it to cert.cer. In old
ASP, I had to use winhttpcertcfg.exe to give the
IWAM_COMPUTER user access to the cert, so I did this
again. But still nothing.
Oddly, the cert is under CURRENT_USER\MY where as before
it was under LOCAL_MACHINE\MY. Does this make a
difference?
I read somewhere that HttpWebRequest looks at the cert I
loaded, finds it in the store, and then uses it.
This is the only way for it to get the Private Key? Is
this true?
If so, then how do I know if it found it in the store? or
didn't?
How else can I possibly make a connection like
this!? .cer files don't have the Private Key. The Private
Key is required!
It is very hard to find the problem when there isn't any
kind of 'status' or monitoring of the actual connection
AND no errors. The other company just returns XML
saying "Basic authorization is not allowed for this
transaction".
-Hope someone can help!
-Will.K
..