Cannot read p12 file on windows server 2008

Question

I need to read a p12 file from a disk location, in my local environment all works fine, but when I publish the site to a windows server 2008 I'm getting the following error:

System.Security.Cryptography.CryptographicException: An internal error occurred.

at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)

The code I have is:

var certP12 = new X509Certificate2(
                    @"C:\temp\file.p12",
                    "123456",
                    X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);

I already set full permissions to the folder that has the p12 file.

Anyone can help with this?

Nine sorry, I change the path to show the code simpler, I will uopdate this, but this is not the problem, thanks — Julito Avellaneda, Dec 30 '17 at 06:13
Have you tried running the application with administrator privileges? — NineBerry, Dec 30 '17 at 06:14
This in a web site publish on IIS, running with the AppPoolIdentity, others app with the same identity ar working fine — Julito Avellaneda, Dec 30 '17 at 06:16

score 0 · Answer 1 · answered Dec 30 '17 at 06:39

0

Possible dupe, and has a probable answer:

"An internal error occurred." when loading pfx file with X509Certificate2

In short, in your local environment, it's probably trying to put the cert in your local user store, but that store is not accessible from your web site. It instead needs to be told to go to the machine store.

answered Dec 30 '17 at 06:39

Alan Bridgewater

51
4

Thanks Alan, checking it... but I dont want to install the p12, do you know if this is required? – Julito Avellaneda Dec 30 '17 at 13:20
AFAIK, all X509Certificate2 constructors store the cert in a container - so if you don't want it to go to the User container, you need to go to the Local Computer container. You might need to do some operation to delete it from the store once you're done with it if you really don't want it persisted. – Alan Bridgewater Jan 05 '18 at 05:59

Cannot read p12 file on windows server 2008

1 Answers1