96

I am using this code to find the certificate by its thumbprint. The certificate exists in Certificate Manager in the personal certificate store, but this code is not finding that certificate.

Please tell me what I'm doing wrong.

using System;
using System.Security.Cryptography.X509Certificates;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            string certThumbPrint = "‎‎fe14593dd66b2406c5269d742d04b6e1ab03adb1";
            X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            // Try to open the store.

            certStore.Open(OpenFlags.ReadOnly);
            // Find the certificate that matches the thumbprint.
            X509Certificate2Collection certCollection = certStore.Certificates.Find(
                X509FindType.FindByThumbprint, certThumbPrint, false);
            certStore.Close();

            // Check to see if our certificate was added to the collection. If no, 
            // throw an error, if yes, create a certificate using it.
            if (0 == certCollection.Count)
            {
                Console.WriteLine("Error: No certificate found containing thumbprint " );
            }
            Console.ReadLine();
        }
    }
}
RATHI
  • 3
    possible duplicate of [Problems with X509Store Certificates.Find FindByThumbprint](http://stackoverflow.com/questions/8448147/problems-with-x509store-certificates-find-findbythumbprint) – Peter O. Sep 25 '14 at 17:43
  • 1
    `X509Store` implements `IDisposable` so it should be used with a `using` statement. – Alex Vallejo Mar 04 '20 at 20:26

7 Answers

225

Just stumbled over this question when Googling for the same issue, and found the answer here: if, like me, you obtained your "source" thumbprint from MMC by highlighting the thumbprint and copying it to the clipboard, you've almost certainly caught an invisible character at the start of the screen, so:

string certThumbPrint = "‎‎fe14593dd66b2406c5269d742d04b6e1ab03adb1";

is actually

string certThumbPrint = "‎‎INVISIBLECHARACTERfe14593dd66b2406c5269d742d04b6e1ab03adb1";

If you delete this invisible character (you can tell it's there when you press backspace or delete beside it and nothing seems to happen), or just retype the thumbprint by hand, your code should work fine. Now if only Visual Studio had a "show invisible characters" option ...

KenD
  • 2
    VS has Edit > Advanced > View White Space (Ctrl+R, Ctrl+W to toggle) - it **may** help, if you know what to look for. – Michael Freidgeim Jun 21 '13 at 20:18
  • @MichaelFreidgeim it does not help. VS does not show the hidden characters, only space characters. – George Polevoy Nov 12 '14 at 10:16
  • @MichaelFreidgeim View White Space does not display these particular invisible characters, in VS 2013 at least. – Jeremy Cook Aug 06 '15 at 20:21
  • I also did fall for the select and copy from the MMC. – Mötz Jan 27 '16 at 10:16
  • 4
    HOLY @%$@$!!! THIS IS EPIC. Wasted Hrs, playing with immediate window, wondering why "Foo" == "Foo" was false. You, sir, deserve an upvote. THANK YOU! – Thiago Silva Feb 23 '16 at 21:58
  • 2
    THAT explains the ? character I was seeing in the logs! God bless you sir – ReimTime Sep 13 '18 at 13:11
  • 1
    There is also an article from Microsoft: https://support.microsoft.com/en-us/topic/certificate-thumbprint-displayed-in-mmc-certificate-snap-in-has-extra-invisible-unicode-character-c9e58dcb-f39a-d0a1-f7fc-bcaaa6fe64e4 – Mathias Feb 02 '21 at 10:50
19

The string literal containing your thumbprint has a left-to-right mark at the beginning. When MMC lists the certificate properties, it precedes the thumbprint value with this character so that the hex bytes are listed left to right even in locales where the text is normally rendered right to left.

Likely, this was a shortcut someone took because it was easier to prepend a character to one of the values in the property list than write a bit of code to dynamically update the edit control's style. Perhaps it was a quick fix to a bug report during localization testing.

In the MMC, the left-to-right mark has non-zero width, which you can observe by watching the cursor move when you arrow across it and by noticing that the first row of hex bytes is shifted slightly to the right compared to the second row.

In other editors such as Visual Studio, the left-to-right mark has no width, but you can still observe it by noticing that the cursor does not move when you arrow across it. As KenD answered, deleting this character solves the problem.

Quick way to identify the invisible character: Use the keyboard to select the invisible character; then paste it into Word between some normal characters. Select it in Word; then click Insert > Symbol > More Symbols. Look in the lower left under "Unicode name".

Edward Brey
10

To ensure that the LTR "\u200e" and RTL "\u200f" chars are removed from your thumbprint string, do the following:

thumbprint = thumbprint.Replace("\u200e", string.Empty).Replace("\u200f", string.Empty).Replace(" ",string.Empty);

The last string replace, for the white space removal, isn't completely necessary, as it finds my certificate with or without them.

Other troublesome Unicode characters can be found here:

UTF-8 encoding table and Unicode characters

drowhunter
5

My two cents: I copied the value in MMC and pasted it in VS with White Spaces enabled.

There was nothing in the beginning but a space in the end: "1e 52 73 0d 00 29 e6 85 7b e6 23 e2 fa c7 a5 08 ac 36 5e 57 "

Now, in web.config file I pasted the value maintaining all the spaces inside, removing the final space: "1e 52 73 0d 00 29 e6 85 7b e6 23 e2 fa c7 a5 08 ac 36 5e 57"

This works fine.

If I use "1e52730d0029e6857be623e2fac7a508ac365e57", removing the space inside as I see in other posts, doesn't work...

Hope this can help ;)

vulcanik
4

I run this PowerShell script to get all thumbprints and redirect the output to a text file and copy the thumbprint from there.

Get-ChildItem -path cert:\LocalMachine\My

To redirect the output to a text file use this:

Get-ChildItem -path cert:\LocalMachine\My > thumbprints.txt
Pradeep
  • 1
    Thank you for this! I had a certificate already and just didn't know it. This revealed what I needed to know. – rjacobsen0 Oct 19 '20 at 18:15
3

I did the following to remove the extra character, and also to remove anything else that's not valid hexadecimal (and ToUpper it):

            thumbprint = Regex.Replace(thumbprint.ToUpper(), @"[^0-9A-F]+", string.Empty);

This allowed me to copy the thumbprint straight from the cert manager dialog and paste it straight into my usage.

0

I was able to resolve the issue by writing a console application that retrieves all certs in the certificate store and outputs the thumbprint ID. I copied the console output and inserted the thumbprint exactly. No issues. Seems like copying from the MMC console causes issues even though the data looks similar. I used this site as a starting point for reading all certificates.

https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.thumbprint(v=vs.110).aspx
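
An added example, not code from any of the answers above: a C# helper that lists the non-hex characters in a pasted thumbprint by code point (which makes the U+200E mark visible), keeps only the hex digits, and looks the certificate up with the store in a `using` block. The class and method names are hypothetical, the sample string is constructed from the question's thumbprint, and it assumes a runtime where `X509Store` is disposable and C# 6 string interpolation is available.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class ThumbprintLookup // hypothetical helper, not from the page
{
    // Lists every character that is not a hex digit, with its code point,
    // so an invisible U+200E (left-to-right mark) pasted from MMC shows up.
    public static string[] DescribeNonHex(string pasted) =>
        pasted.Where(c => !Uri.IsHexDigit(c))
              .Select(c => $"U+{(int)c:X4} ({char.GetUnicodeCategory(c)})")
              .ToArray();

    // Keeps only hex digits and insists on 40 of them (a SHA-1 thumbprint).
    public static string Normalize(string pasted)
    {
        string hex = new string(pasted.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
        if (hex.Length != 40)
            throw new FormatException($"Expected 40 hex digits, got {hex.Length}.");
        return hex;
    }

    public static X509Certificate2 Find(string pasted, StoreLocation location)
    {
        using (var store = new X509Store(StoreName.My, location))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false also returns expired or untrusted certificates.
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, Normalize(pasted), false);
            return matches.Count > 0 ? matches[0] : null;
        }
    }

    static void Main()
    {
        // Constructed input: the question's thumbprint with a leading U+200E
        // and a trailing space, as a copy from the MMC dialog can produce.
        string pasted = "\u200Efe14593dd66b2406c5269d742d04b6e1ab03adb1 ";
        foreach (string finding in DescribeNonHex(pasted))
            Console.WriteLine("Non-hex character: " + finding);
        Console.WriteLine("Normalized: " + Normalize(pasted));
        X509Certificate2 cert = Find(pasted, StoreLocation.CurrentUser);
        Console.WriteLine(cert == null ? "No certificate found." : "Found: " + cert.Subject);
    }
}
```

Logging the `DescribeNonHex` output next to a failed lookup shows whether the configured value carries hidden characters before anyone retypes it by hand.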