3

I have an asp.net 4.0 project that uses a combination of Bouncy Castle and the .Net framework to create an X509 certificate.

It runs properly on my W7 dev machine but when installed on W2008 (32 bit, not r2) this bit of code:

CX509CertificateRequestPkcs10 csr = new CX509CertificateRequestPkcs10();

throws this exception:

Unable to cast COM object of type 'System.__ComObject' to interface type 'CERTENROLLLib.CX509CertificateRequestPkcs10'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{728AB35B-217D-11DA-B2A4-000E7BBB2B09}' failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE)).

Initially I thought it might be a 64-bit server issue since COM is only 32-bit compatible but the server is 32 bit.

The app is built using Framework 4.0 and the IIS AppPool assigned is running 4.0, Integrated mode, with an Identity of "Network Service" - all exactly as on my dev machine, as the the client browser used (IE8 32).

Does W2008-32 (Standard) not implement CERTENROLLLib out of the box? Does anyone know how to make it behave in this circumstance?

Thanks for any suggestions!

Serexx
  • 1,232
  • 1
  • 15
  • 32

1 Answers1

6

When you instantiate CX509CertificateRequestPkcs10 object specify explicitly what interface you want to use (by ProgID). In Win2008 R2 Microsoft overwrote the interface. Instead of:

CX509CertificateRequestPkcs10 objPkcs10 = new CX509CertificateRequestPkcs10();

use:

IX509CertificateRequestPkcs10 objPkcs10 = (IX509CertificateRequestPkcs10)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509CertificateRequestPkcs10"));

Since in Win2008 R2 Microsoft overwrote the interface, if the code is written in Win2008 R2 the run time is looking for the new interface GUID and in regular Win2008 it can't be found because Win2008 R2 interface GUID differs from Win2008 interface Guid.

So, object can't be created, and as the result exception is thrown.

Accessing the interface by ProgID solves the issue.

See: TechNet Answer - on W2008-32 one has to specify the Interface GUID when creating the Pkcs10 object, since R2 overwrote the old "standard" interfaces.

flayn
  • 5,272
  • 4
  • 48
  • 69
Serexx
  • 1,232
  • 1
  • 15
  • 32
  • 1
    I updated you answer to include the solution. I had the same problem and your solution saved me a lot of time. Thanks. – flayn Oct 07 '14 at 12:46
  • 1
    Did that happen again from 2012R2 to 2016? My code worked perfectly on my W10 x64 dev machine, but not on the 2012R2 x64 web server. Now it does! Thank you so much. – fero May 02 '17 at 15:05