3

I get this message:

Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindBySubjectDistinguishedName', FindValue 'CN=HighBall'.

My web.config setup looks like this:

Authentication is set like...

<authentication mode="Windows" />

The bindings are set for wsHttpBinding

and my Service behavior is set as such...

<behavior name="HighBall.Services.ServiceVerificationBehavior">
  <serviceAuthorization principalPermissionMode="UseAspNetRoles"
        roleProviderName="HighBallRoleProvider" />
  <serviceMetadata httpGetEnabled="true" />
  <serviceDebug includeExceptionDetailInFaults="true" />
  <serviceCredentials>
    <serviceCertificate findValue="CN=HighBall" />
    <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
        membershipProviderName="HighBallMembershipProvider" />
  </serviceCredentials>
</behavior>

I've tried to figure out a way to verify what, how, and where the certificate is stored but am not sure how to do this. If anyone has any ideas on this error message I'd greatly appreciate the assist.

Hooked
Adron

3 Answers

5

Remember that ASP.NET runs as a different user. It may need to be assigned access to the certificate.

Richard Nienaber
  • From my experience, only the user that installed the certificates into the store has rights to access them. ASP.NET then can't see the certificate when it tries to access it. You need to use a tool like winhttpcertcfg to give the ASP.NET user access. – Richard Nienaber Mar 02 '09 at 14:17
  • This was exactly my problem. I had to add the certificate to Local Machine instead of Current User. Link to solution: https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx?f=255&mspperror=-2147217396 under "Adding certificates to the Trusted Root Certification Authorities store for a local computer" – ltiveron Oct 03 '16 at 13:43
2

Check the other post about the tool that you asked about. Verify your "my" storage and check if the CN="HighBall". I guess your CN is not just "HighBall", probably it has a top level domain. I think it's easier to look for the certificate serial number, I think it's faster than for its canonical name and error prone.

Regards,

Victor

VP.
0

Try to use Certificate Manager (with MMC) to see installed certificates. Instructions for XP: manage certificates for a computer, probably similar with Vista and 7 as well.

I was having problems with the service being unable to find the x509 certificate, but by using the Certificate Manager I found out that the "Install PFX" command from Windows Explorer had not installed the certificate at all! This was fixed by importing the certificate from Certificate Manager.

Lauri I
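
Added example (not part of any answer above): a PowerShell check that repeats the search criteria from the error message and then lists near misses in both store locations, with serial number and thumbprint. The `$NameHint` value and the `Find-Cert` helper are names chosen for this example. `HasPrivateKey` only shows that a key is associated with the certificate, not that the ASP.NET account can read it.

```powershell
# Added example: repeat the lookup from the error message, then list near misses.
# $FindValue comes from the question's web.config; $NameHint and Find-Cert are
# names made up for this example.
$FindValue = 'CN=HighBall'
$NameHint  = 'HighBall'   # substring for the looser FindBySubjectName search

function Find-Cert {
    param([string]$Location, [string]$FindType, [string]$Value)

    $loc   = [System.Security.Cryptography.X509Certificates.StoreLocation]$Location
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', $loc)
    $store.Open('ReadOnly')
    try {
        # validOnly = $false so expired or untrusted certificates are still listed
        $store.Certificates.Find($FindType, $Value, $false) |
            Select-Object @{ n = 'Store'; e = { "$Location\My" } },
                          Subject, SerialNumber, Thumbprint, HasPrivateKey, NotAfter
    }
    finally {
        $store.Close()
    }
}

# 1. Same criteria as the error message:
#    StoreName 'My', StoreLocation 'LocalMachine', FindBySubjectDistinguishedName
$exact = @(Find-Cert 'LocalMachine' 'FindBySubjectDistinguishedName' $FindValue)
if ($exact.Count -eq 0) {
    Write-Warning "No certificate in LocalMachine\My has the exact subject '$FindValue'."
}
$exact | Format-List

# 2. Near misses: any certificate whose subject contains the name, in either
#    store location. Compare the full Subject string with $FindValue, and note
#    whether the certificate sits in CurrentUser instead of LocalMachine.
foreach ($location in 'LocalMachine', 'CurrentUser') {
    Find-Cert $location 'FindBySubjectName' $NameHint | Format-List
}
```

If step 2 shows the certificate with a longer subject or only under CurrentUser\My, that matches the causes suggested in the answers; the listed serial number or thumbprint can then be used to identify it unambiguously.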