tong tong - 1 month ago 22
C# Question

C#, Unable to import .p7b certificate to windows store

I'm trying to import certificate (smime) with extension .p7b to windows store.

This is the current code

X509Certificate2 cert = new X509Certificate2(@"C:\test_public_cert.p7b");
X509Store store = new X509Store(StoreName.AddressBook, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);


It gave me an error that "Cannot find the original signer".


Remark: This code is working with .cer extensions (DER & Base 64).


Anyone please help to identify the possible root clause?

Thanks.

PS. VS2010, Windows Server 2008 R2

Edit1: test_public_cert.p7b was exported from public key on another server via mmc console.

Answer

I encountered this problem in the past with the .p7b extension. There are two ways I found you can solve this. In the end I ended up using number 1. Number 2 is something you already found out by exporting to a .cer. You can also try to use option 3 but I am not sure if that will fully work.

1. Use SignedCms instead of the X509Certificate class.

See for more details Enveloped PKCS #7 Signatures

2. Loading a .p7b only includes the certificate file, which probably doesn't include the private key. Install the private key on the server where it was generated and then export it to as a .pfx file and move it to the server you want to use.

3. Since a .p7b file contains the whole certificate chain and not just one certificate you can try the follow method to add this to the windows store.

X509Certificate2Collection certCollection = new X509Certificate2Collection();
certCollection.Import(@"C:\test_public_cert.p7b");
X509Store store = new X509Store(StoreName.AddressBook, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.AddRange(certCollection);
Comments