3

I have a small console application that uses a client certificate to make an HttpWebRequest:

X509Certificate Cert = X509Certificate.CreateFromCertFile("JohnDoe.cer");            
HttpWebRequest Request = (HttpWebRequest)WebRequest.Create("https://10.135.12.166:4434");
Request.ClientCertificates.Add(Cert);
Request.UserAgent = "Client Cert Sample";
Request.Method = "GET";
HttpWebResponse Response = (HttpWebResponse) Request.GetResponse();

I will have access to the corresponding .pfx file when I execute this code on my machine, and I believe using something mentioned in this thread I'll be able to install the pfx file on my machine, but I don't want to do this.

Is there any way by which I'll be able to make this request with the pfx certificate somehow attached in the request? I mean, by just replacing JohnDoe.cer with JohnDoe.pfx in the above code, or something of the sort?

Thanks.

EDIT: The entire point of this question is that I want a way to work with the cert without having to install it on my computer. I can use it in the manner esskar and xaver suggested, but I don't want to install the cert on my machine. If this isn't possible to do, any chance someone can provide an explanation about why we can't do this?

GrowinMan
  • What does installing mean? Copying it to the machine? Or installing it into the certificate store of your computer? Please explain more! – esskar Aug 12 '14 at 21:00

2 Answers

6

PFX is a container that can hold one or more certificates. You can open them in C# using the following code:

X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Import("JohnDoe.pfx", "password-for-pfx", X509KeyStorageFlags.PersistKeySet);

Now iterate over the collection and find the certificate you need:

foreach (X509Certificate2 cert in collection)
{
    // work with cert
}

This should help you now!

QUESTION:

What does installing mean? Copying it to the machine? Is it okay to put it into your program? You cannot use a CER file only, since the CER file does not contain the private key that you need to do client authentication.

esskar
  • 1
    Even for this, I'll have to install the cert on my machine right? That code won't execute unless I install the cert on my machine. That's what I'm trying to avoid here. Added details to question. – GrowinMan Aug 12 '14 at 20:53
  • Installing the cert = installing in the Microsoft Management Console (I'm using Windows). I'm trying to figure out if you can send the .pfx file in the request, without having to install it in the Microsoft Management Console, i.e. not having to do this: http://pubs.vmware.com/view-51/index.jsp?topic=%2Fcom.vmware.view.installation.doc%2FGUID-2D968AD7-ED62-46CA-B2B2-CCC526CA09F5.html – GrowinMan Aug 12 '14 at 21:13
  • 1
    Oh, I completely ignored the value of X509KeyStorageFlags.PersistKeySet(). I'm using it as X509Certificate2("JohnDoe.pfx","pass",X509KeyStorageFlags.PersistKeySet) since I just need one certificate. Thank you very much for your answer, this did it :) – GrowinMan Aug 12 '14 at 23:09
0

Replace the first line with this:

X509Certificate Cert = new X509Certificate("path/to/JohnDoe.cer");

You can also provide the *.pfx file instead of the *.cer.

If the certificate is password protected, you can provide it as the second parameter.

Xaver
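Added example, not part of either answer or the original posts: loading the client certificate and its private key straight from the .pfx file and attaching it to the request, without adding anything to a Windows certificate store. It uses `X509KeyStorageFlags.DefaultKeySet` rather than `PersistKeySet` so the imported private key does not stay on disk after the certificate is disposed. Assumptions: .NET Framework 4.6 or later (for `Dispose` on certificates), and `PFX_PASSWORD` is a hypothetical environment variable name used to keep the password out of source code; the file name and URL are the ones from the question.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;

class ClientCertFromPfx
{
    // Returns the first certificate in the PFX that carries a private key.
    static X509Certificate2 LoadClientCert(string pfxPath, string password)
    {
        var collection = new X509Certificate2Collection();
        // DefaultKeySet without PersistKeySet: nothing is added to a certificate
        // store, and on Windows the temporary key container created by the
        // import is deleted when the certificate is disposed.
        collection.Import(pfxPath, password, X509KeyStorageFlags.DefaultKeySet);

        X509Certificate2 match = null;
        foreach (X509Certificate2 cert in collection)
        {
            if (match == null && cert.HasPrivateKey) match = cert;
            else cert.Dispose(); // CA/intermediate certificates are not needed here
        }
        if (match == null)
            throw new InvalidOperationException("No certificate with a private key in " + pfxPath);
        return match;
    }

    static void Main()
    {
        // PFX_PASSWORD is a hypothetical name chosen for this example.
        string password = Environment.GetEnvironmentVariable("PFX_PASSWORD");

        using (X509Certificate2 cert = LoadClientCert("JohnDoe.pfx", password))
        {
            var request = (HttpWebRequest)WebRequest.Create("https://10.135.12.166:4434");
            request.ClientCertificates.Add(cert);
            request.UserAgent = "Client Cert Sample";
            request.Method = "GET";

            using (var response = (HttpWebResponse)request.GetResponse())
            using (var reader = new StreamReader(response.GetResponseStream()))
            {
                Console.WriteLine((int)response.StatusCode);
                Console.WriteLine(reader.ReadToEnd());
            }
        }
    }
}
```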