.net – Finding an X.509 certificate by thumbprint


My current project involves accessing a web service using WCF. I'm having trouble with configuring the certificates required for service authentication in my Web.config file. Specifically, I continue to receive the following message when creating my proxy object:

Cannot find the X.509 certificate using the following search criteria: StoreName 'CertificateAuthority', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue 'df8bd67d2bbd4e337fef7403f776f40a892ade9c'.

I have searched for several hours to confirm that I'm identifying the correct storeLocation and storeName, but have not been successful. In the process, I've already learned about the invisible characters that Windows' MMC console app for certificates adds to the beginning of the thumbprint when you copy & paste it into Web.config. I've fixed that. I've also learned that you don't include spaces when specifying the thumbprint in the Web.config file.

So I'm down to identifying the correct storeLocation and storeName. Can someone provide, or point me to, a cross-walk between the certificate locations as viewed within MMC vs. the options available in the Web.config file?

Here is what my MMC certificates console shows:
MMC Logical Store Names

Here are my options for storeLocation in Web.config:
Web.config storeLocation options

And here are my options for storeName:
Web.config storeName options

As you can see, these values are not consistent, and I suspect that this is where my problem lies.

For storeLocation, I'm fairly certain that MMC's "Current User" matches with Web.config's "CurrentUser," and that MMC's "Local Computer" matches up with "LocalMachine."

As for storeName, though, I can only guess that MMC's "Personal" matches to Web.Config's "My." Beyond that, the slight variations are just enough to make me wonder. So far, none of the permutations I've tried have allowed WCF to find the certificate based on what's in the Web.config file.

As for the specifics of my issue, there is one server certificate and one client certificate. The server certificate is installed in Local Computer/Trusted Root Certification Authorities. The client certificate is installed in Local Computer/Personal. Development is being done in Visual Studio 2008, targeting version 3.5 of the .NET Framework.

So, to repeat my question, can anyone provide a crosswalk between MMC and Web.config terminology, or point me to a reference?

Best Answer

The MSDN documentation for StoreName Enumeration seems to provide a reasonably good description which should support mapping between the enum and the MMC Cert snapin.

My attempt at mapping:

AddressBook            Other People
AuthRoot               Third-Party Certification Authorities
CertificateAuthority   Intermediate Certification Authorities
Disallowed             Untrusted Certificates
My                     Personal
Root                   Trusted Root Certification Authorities
TrustedPeople          Trusted People
TrustedPublisher       Trusted Publishers
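
To check which storeLocation/storeName pair actually holds a certificate, the following added example (not code from the question or the answer) cleans a thumbprint pasted from MMC and searches every store the Web.config values can name. The class name and the sample thumbprint are constructed placeholders, and the code assumes a console application built against .NET 3.5.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ThumbprintLocator  // hypothetical name, for illustration only
{
    // MMC folder names, following the mapping given in the answer above.
    static readonly Dictionary<StoreName, string> MmcName = new Dictionary<StoreName, string>
    {
        { StoreName.AddressBook, "Other People" }, { StoreName.AuthRoot, "Third-Party Certification Authorities" },
        { StoreName.CertificateAuthority, "Intermediate Certification Authorities" }, { StoreName.Disallowed, "Untrusted Certificates" },
        { StoreName.My, "Personal" }, { StoreName.Root, "Trusted Root Certification Authorities" },
        { StoreName.TrustedPeople, "Trusted People" }, { StoreName.TrustedPublisher, "Trusted Publishers" }
    };

    // Keep hex digits only: drops spaces and the invisible character MMC prepends on copy.
    static string Normalize(string pasted)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in pasted)
            if (Uri.IsHexDigit(c)) sb.Append(char.ToUpperInvariant(c));
        return sb.ToString();
    }

    static void Main(string[] args)
    {
        // Constructed sample value; pass the real thumbprint as the first argument.
        string thumb = Normalize(args.Length > 0 ? args[0] : "\u200E00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 11 22 33");
        if (thumb.Length != 40) { Console.Error.WriteLine("Expected 40 hex digits (SHA-1), got " + thumb.Length); return; }
        foreach (StoreLocation loc in Enum.GetValues(typeof(StoreLocation)))
        foreach (StoreName name in Enum.GetValues(typeof(StoreName)))
        {
            X509Store store = new X509Store(name, loc);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                // validOnly = false, so an expired or untrusted certificate is still reported.
                if (store.Certificates.Find(X509FindType.FindByThumbprint, thumb, false).Count > 0)
                    Console.WriteLine("storeLocation=\"{0}\" storeName=\"{1}\"  (MMC: {2})", loc, name, MmcName[name]);
            }
            catch (CryptographicException) { /* store does not exist or cannot be read by this account */ }
            finally { store.Close(); }
        }
    }
}
```

Run it under the same account as the application pool, since CurrentUser stores differ per account; no output means the certificate is not in any of the sixteen stores that account can read.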