4

I am currently trying to access a service provided by a 3rd party. They have issued us a certificate in PKCS format. The certificate is installed in Local computer - Trusted root directory.

Our application at run time finds this certificate and sends it to the authentication URL hosted by the 3rd party, where it is authenticated and the SAML tokens are issued. This is then used to call the actual service that does the functionality we desire.

When I run my application consuming this service via the service reference on the development machine [Windows 7], everything works smoothly.

Now the pain point is that, since we have a Citrix environment where the testing would take place, we get the following error:

Exception in METHOD: SOAP security negotiation with "Service URL" for target failed. Inner Exception: System.Security.Cryptography.CryptographicException: Keyset does not exist.

Can anyone help me resolve this issue? I am unable to reproduce it on my local machine and it happens only on the server OS. I am not sure if it's an issue with privileges or some code issue.

davmos
Abishek Alva

2 Answers

9

There are two likely causes of this issue:

  1. The certificate does not have a private key.
  2. The user your process runs as does not have permissions to read the private key.

As you already have this up & running in your development environment, let's assume the cause is 2.

If you don't know it already, you need to determine the user account that your process runs as on your test server. Then open MMC on the test server and add the Certificates snap-in. Find the certificate, right-click and choose All Tasks | Manage Private Keys... and grant read access to the user.

Read lots more about this at:

X509Certificate - Keyset does not exist

CryptographicException 'Keyset does not exist', but only through WCF

Service failure with CryptographicException – Keyset does not exist

Wcf: Keyset does not exist

Community
davmos
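The two causes listed in the answer above, checked from PowerShell, followed by a read grant on the private key file for a single account. This is an added example, not code from the original posts. The thumbprint and account name are placeholders, an RSA key stored in the machine key store is assumed, and the script is meant to run in an elevated session on the test server.

```powershell
# Added example. Thumbprint and account are placeholders; replace both.
param(
    [string]$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>',
    [string]$Account    = 'DOMAIN\svc-account-placeholder',
    [string]$StorePath  = 'Cert:\LocalMachine\Root'   # store named in the question
)

$cert = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in $StorePath" }

# Cause 1: the certificate was imported without its private key.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no associated private key.' }

# Resolve the key container name for either a CNG or a legacy CSP key.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $name = $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    throw 'Private key is not an RSA key this script can resolve.'
}

# Machine keys live in one of these two folders depending on the provider.
$keyFile = @(
    Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
    Join-Path $env:ProgramData 'Microsoft\Crypto\Keys'
) | ForEach-Object { Join-Path $_ $name } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Key container file '$name' not found under $env:ProgramData" }

# Cause 2: show who can read the key file today.
$acl = Get-Acl -LiteralPath $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType

# Grant read access to the one account the process runs as.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl
```

The ACL edit has the same effect as All Tasks | Manage Private Keys... in the Certificates snap-in, and the table printed before it shows which identities already had access.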
0

Thanks for the information. The root cause of this issue was a permission issue with the certificate. Since the certificate was installed on the server with Admin privileges, permission had to be given to all the users for accessing the certificate.

Abishek Alva