
Simply, I have an X509Certificate2 certificate which I want to load in an ASP.NET MVC application.

Simply, here is the code:

using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Web.Hosting;   // HostingEnvironment
using Owin;                 // IAppBuilder

public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {
        string path = HostingEnvironment.MapPath("~/Certificates.p12");
        // the path is correct, I logged it to a file and it was correct

        // read the PKCS#12 file into memory and build the certificate from the bytes
        byte [] certBytes = File.ReadAllBytes(path);
        X509Certificate2 cert = new X509Certificate2(certBytes, "some password");
    }
}

and even this is not working:

using System.Security.Cryptography.X509Certificates;
using System.Web.Hosting;   // HostingEnvironment
using Owin;                 // IAppBuilder

public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {
        string path = HostingEnvironment.MapPath("~/Certificates.p12");
        // the path is correct, I logged it to a file and it was correct

        // let the constructor open the PKCS#12 file directly from the path
        X509Certificate2 cert = new X509Certificate2(path, "some password");
    }
}

In the two previous cases, the code works on my local machine, BUT when I move this code to our server, the statement

X509Certificate2 cert = new X509Certificate2(/*whatever bytes or path*/, "some password");

is breaking; actually this statement causes my IIS application pool to be stopped, and I get an HTTP 503 Service Unavailable error when I try to reach the website.

When I remove the previous statement, there is no 503 error and the website is reachable.

I tried to move this statement to another class (not in the startup of the website), but the result was the same.

EDIT: For some very strange reason I cannot log the exception which occurs, so I do not know what the exact problem is.

EDIT: I just created a small console application and tried to read the same certificate file from it, and it worked perfectly both on my local machine and on the server, so I suspect the problem is not the certificate file and not the server, but the combination of the ASP.NET MVC project with the certificate file is producing this problem.

EDIT: Here is the event log of the server:

Application pool 'SmaresDev' is being automatically disabled due to a series of failures in the process(es) serving that application pool.

A process serving application pool 'SmaresDev' suffered a fatal communication error with the Windows Process Activation Service. The process id was '8520'. The data field contains the error number.

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. the TLS protocol defined fatal error code is 10. The windows SChannel error state is 1203.

Any ideas?
Hakan Fıstık
  • What is this very strange reason to not to be able to log any exceptions? There are some possible common issues around certificates and having an exception at hand would dramatically narrow the set of possible problems. – Wiktor Zychla Jul 19 '17 at 15:19
  • The problem appears only on the server, so it is very difficult to debug; I wish it appeared on my local machine so I could debug it. – Hakan Fıstık Jul 19 '17 at 15:32
  • Does the 503 error show a sub code in the IIS logs? – webnoob Jul 19 '17 at 15:40
  • @webnoob No, there is no sub error code in Chrome, but I could test it from Postman; it may give a sub error code. – Hakan Fıstık Jul 19 '17 at 15:41
  • Not sure chrome will show it. Going into the IIS server logs to confirm would be more definitive. – webnoob Jul 19 '17 at 15:46
  • Did you try to enclose the code in a `try/catch` block? – Crypt32 Jul 19 '17 at 16:11
  • @Crypt32 Yes, I tried to enclose the code in a `try/catch`, but the log was not affected at all. – Hakan Fıstık Jul 19 '17 at 16:14
  • Then the problem is somewhere else. If you don't have an exception and stack trace, how can you tell that exactly this part fails? – Crypt32 Jul 19 '17 at 16:15
  • @Crypt32 The point is that the app pool crashes with that line in there. It doesn't necessarily mean the code is broken, it just means IIS doesn't like it for one reason or another. – webnoob Jul 19 '17 at 20:22
  • @HakamFostok Does Windows | Event Viewer show anything useful? It should add a log when the app pool closes down. – webnoob Jul 19 '17 at 20:39
  • As I suspected, it's something to do with the security settings on the machine / IIS. Google provided this information: http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=mmr_kc-0123982 It's suggesting changing some settings in the group policy. Are you able to do this? If you can, make the changes and then do a restart to be sure then re-test. – webnoob Jul 20 '17 at 10:17
  • I'd raise it as a red flag to your boss in that case. This is almost certainly a server configuration issue. – webnoob Jul 20 '17 at 11:52

1 Answer

I was experiencing something similar with a crash where no exceptions were being caught. I had similar issues in the event viewer and also ran into the same thing with the console application working fine. I fixed it as follows:

// load the PKCS#12 file with explicit key storage flags instead of the defaults
X509Certificate2 Cert = new X509Certificate2(path, "some password", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

I'm not sure why it works, but it did for me, and hopefully does for you too.

Hakan Fıstık
schwingms
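The flags in the answer work because, without `MachineKeySet`, importing a PFX that carries a private key writes that key into the per-user key container store of the account running the code. An IIS application pool account (for instance `ApplicationPoolIdentity` with "Load User Profile" set to False) often has no loaded user profile, so that import has no user key store to write to, whereas a console application run interactively does. `MachineKeySet` puts the key into the machine-wide store instead. The following is an added example, not the asker's or answerer's code, that applies the fix and also writes a synchronous log line before rethrowing, so that the failure is on disk even if the pool is recycled. The `App_Data` file names, the `CertPassword` application setting and the `CertificateLoader` class are assumptions; it assumes .NET Framework 4.5 or later (for `Exception.HResult`) with `System.Web`, `System.Configuration` and `Microsoft.Owin` referenced.

```csharp
using System;
using System.Configuration;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Web.Hosting;   // HostingEnvironment (System.Web reference assumed)
using Owin;                 // IAppBuilder (Microsoft.Owin reference assumed)

// Added example; class name and log format are assumptions, not the page's code.
public static class CertificateLoader
{
    public static X509Certificate2 LoadForAppPool(string pfxPath, string password, Action<string> log)
    {
        if (!File.Exists(pfxPath))
            throw new FileNotFoundException("PFX file not found", pfxPath);

        // MachineKeySet: store the private key in the machine-wide key store, which
        // exists even when the pool identity has no user profile loaded.
        // PersistKeySet: keep the key container after the object is constructed.
        // Exportable is deliberately left out: grant it only if the key must be
        // exported again later (least privilege for the key material).
        const X509KeyStorageFlags flags =
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;

        try
        {
            var cert = new X509Certificate2(pfxPath, password, flags);
            log(string.Format("Loaded {0}, thumbprint {1}, valid until {2:u}, has private key: {3}",
                cert.Subject, cert.Thumbprint, cert.NotAfter, cert.HasPrivateKey));
            if (!cert.HasPrivateKey)
                log("Warning: the PFX contained no private key; signing and decryption will fail.");
            return cert;
        }
        catch (CryptographicException ex)
        {
            // Record the failure before rethrowing: a logger that buffers in memory
            // never flushes if the worker process is torn down right afterwards.
            log(string.Format("Certificate load failed (HRESULT 0x{0:X8}): {1}", ex.HResult, ex.Message));
            throw;
        }
    }
}

public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // App_Data is never served by IIS, so the PFX is not downloadable.
        string pfxPath = HostingEnvironment.MapPath("~/App_Data/Certificates.p12");
        string logPath = HostingEnvironment.MapPath("~/App_Data/cert-load.log");
        // Assumed appSettings key; keeps the password out of the source file.
        string password = ConfigurationManager.AppSettings["CertPassword"];

        // File.AppendAllText is synchronous: the line is on disk before control returns.
        Action<string> log = line =>
            File.AppendAllText(logPath, DateTime.UtcNow.ToString("o") + " " + line + Environment.NewLine);

        X509Certificate2 cert = CertificateLoader.LoadForAppPool(pfxPath, password, log);
        // ... use cert for TLS client authentication, token signing, etc.
    }
}
```

The application pool identity needs read access to the PFX and write access to the log file for this to work. Enabling "Load User Profile" on the pool is the alternative that makes the default per-user import succeed, but the machine store is the more predictable choice for a service account; note that keys in the machine store are shared by every account with access to that store on the server, so limit which pools run code that can reach this key.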