lukiffer lukiffer - 18 days ago 6
C# Question

X509Certificate Constructor Exception

//cert is an EF Entity and
// cert.CertificatePKCS12 is a byte[] with the certificate.

var certificate = new X509Certificate(cert.CertificatePKCS12, "SomePassword");


When loading a certificate from our database, on our staging server (Windows 2008 R2/IIS7.5) we get this exception:

System.Security.Cryptography.CryptographicException: An internal error occurred.

at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)


NOTE: This issue does not happen locally (Windows 7/Casini).

Any insight is greatly appreciated.

Answer

Turns out there's a setting in the IIS Application Pool configuration (Application Pools > Advanced Settings) to load the user profile for the application pool identity user. When set to false, the key containers aren't accessible.

So just set Load User Profile option as True

App Pool-> Advanced Settings Screen