I was running into this problem as well.
I was able to resolve the issue by running
sn -i <KeyFile> <ContainerName>
(installs key pair into a named container).
sn is usually installed as part of a Windows SDK. For example, C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\sn.exe. Most likely this location is not on the search path for your standard environment. However, the "Developer Command Prompt" installed by Visual Studio adds additional information that usually includes the correct location.
Based on your post that would look like
sn -i companyname.pfx VS_KEY_3E185446540E7F7A
This must be run from the location of your PFX file. If you have the solution loaded in VS 2010, you can simply right-click on the pfx file in the Solution Explorer and choose Open Command Prompt, which will launch the .NET 2010 cmd prompt tool in the correct directory.
Before running this sn command I did re-install the pfx by right-clicking on it and choosing install; however, that did not work. Just something to note, as it might be the combination of both that provided the solution.
Hope this helps solve your problem.
You should be able to get a collection object containing the certs in your .pfx file by using the X509Certificate2Collection class... here's some C# example code:
using System;
using System.Security.Cryptography.X509Certificates;

// Replace the placeholders with your PFX path and its password
string certPath = @"<YOUR PFX FILE PATH>";
string certPass = "<YOUR PASSWORD>";
// Create a collection object and populate it using the PFX file
X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Import(certPath, certPass, X509KeyStorageFlags.PersistKeySet);
Then you can iterate over the collection:
foreach (X509Certificate2 cert in collection)
{
    Console.WriteLine("Subject is: '{0}'", cert.Subject);
    Console.WriteLine("Issuer is: '{0}'", cert.Issuer);
    // Import the certificates into X509Store objects
}
Depending on the type of certificate (client cert, intermediate CA cert, root CA) you'll need to open the proper cert store (as an X509Store object) to import it.
Check out the X509Store docs:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.aspx
And the different members in the StoreName enumeration:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.storename.aspx
From what I understand, you want to use StoreName.My for client certificates that contain a private key, StoreName.CertificateAuthority for intermediate CA certs, and StoreName.Root for root CA certs.
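The store selection described in the answer above, carried through as an added example (not code from the original post). The subject-equals-issuer test for a root, the PFX_PASSWORD environment variable, the expectedRootThumbprint parameter and the use of the CurrentUser location are assumptions of this sketch; the thumbprint check keeps a PFX from silently adding its own bundled root to the trusted roots.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class PfxImporter
{
    // Heuristic (assumption): private key -> My; subject == issuer -> Root;
    // anything else -> CertificateAuthority (intermediate).
    static StoreName ChooseStore(X509Certificate2 cert)
    {
        if (cert.HasPrivateKey) return StoreName.My;
        bool selfSigned = cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData);
        return selfSigned ? StoreName.Root : StoreName.CertificateAuthority;
    }

    static void Import(string pfxPath, string password, string expectedRootThumbprint)
    {
        var collection = new X509Certificate2Collection();
        collection.Import(pfxPath, password, X509KeyStorageFlags.PersistKeySet);

        foreach (X509Certificate2 cert in collection)
        {
            StoreName target = ChooseStore(cert);

            // Only trust a root whose thumbprint was verified out of band.
            if (target == StoreName.Root &&
                !string.Equals(cert.Thumbprint, expectedRootThumbprint,
                               StringComparison.OrdinalIgnoreCase))
            {
                Console.WriteLine("Skipping unverified root '{0}'", cert.Subject);
                continue;
            }

            var store = new X509Store(target, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadWrite);
            try { store.Add(cert); }
            finally { store.Close(); }
            Console.WriteLine("Added '{0}' to {1}", cert.Subject, target);
        }
    }

    static void Main(string[] args)
    {
        // Hypothetical variable name; keeps the password out of the command line.
        string password = Environment.GetEnvironmentVariable("PFX_PASSWORD");
        if (args.Length != 2 || password == null)
        {
            Console.WriteLine("usage: PfxImporter <pfx path> <expected root thumbprint>");
            return;
        }
        Import(args[0], password, args[1]);
    }
}
```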
Best Answer
I found out that I can do everything with certutil and winhttpcertcfg like this:
1) add .p12 to Personal key store
2) add .cer certificate as trusted publisher
3) check which users have access to certificate
4) grant access to certificate