I use this link to enroll a new certificate.

When Windows is locked or logged in, everything works fine: the request is created and installed properly.

I am running the code as a Windows Service, so when I restart the machine and the service is starting, it cannot create the request and I get the error on the following line:

```
objPrivateKey.Create();
```

And the error is:

```
System.IO.FileNotFoundException: CertEnroll::CX509PrivateKey::Create: The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND) at CERTENROLLLib.IX509PrivateKey2.Create()
```

Any idea how I can fix this issue? Thanks.

Hadi Samadzad
Peyman
  • If your certificate requires a user context then you can't create it from the `LocalSystem` account that runs your service. You might have to start the service under a different user, or spawn a process with a user token of someone who has the permission to create that key. – Charles Dec 13 '19 at 01:40
  • I impersonate the process and the enrollment runs under a domain account. Do I still need to run the service under the user account? – Peyman Dec 13 '19 at 02:39
  • You might also try the `X509KeyStorageFlags.MachineKeySet` option when creating the cert. By default private keys are stored in the USER storage; MachineKeySet is described as "private keys are stored in the local computer store rather than the current user store". – Charles Dec 13 '19 at 02:57
  • Using that COM API can lead you to undocumented bugs such as https://blog.lextudio.com/ix509enrollment-installresponse-method-failed-on-windows-server-2016-fd1a7c1a7b33 So you should consider calling the certreq command line utility directly. – Lex Li Dec 13 '19 at 06:14
  • Related posts - For on-premise deployment: [CryptographicException was unhandled: System cannot find the specified file](https://stackoverflow.com/q/17840825/465053). For Azure deployment: [Certenroll on Azure - Generating self signed certificates](https://stackoverflow.com/q/58800004/465053) – RBT Nov 21 '21 at 08:04

0 Answers
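
The machine key store suggestion from the comments, written against CertEnroll as an added example (not the asker's code and not posted by any commenter). It assumes a COM reference to the CertEnroll type library (`CERTENROLLLib`), that the service identity is allowed to write to the machine key store, and that a machine-scoped key is acceptable for the certificate; the class name, method name, provider choice and key length are illustrative.

```csharp
// Added illustration. Windows only; needs a COM reference to CERTENROLLLib.
using CERTENROLLLib;

static class MachineKeyRequest   // hypothetical helper name
{
    // Returns a base64 PKCS#10 request whose private key lives in the
    // local computer key store instead of a per-user key store.
    public static string CreateRequest(string subjectDn)
    {
        var key = new CX509PrivateKey();
        key.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
        key.MachineContext = true;   // CertEnroll counterpart of MachineKeySet
        key.Length = 2048;
        key.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
        // Least privilege: the private key cannot be exported from the store.
        key.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;
        key.Create();

        var subject = new CX500DistinguishedName();
        subject.Encode(subjectDn, X500NameFlags.XCN_CERT_NAME_STR_NONE);

        // The request context has to match the key: machine key, machine context.
        var pkcs10 = new CX509CertificateRequestPkcs10();
        pkcs10.InitializeFromPrivateKey(
            X509CertificateEnrollmentContext.ContextMachine, key, "");
        pkcs10.Subject = subject;

        var enrollment = new CX509Enrollment();
        enrollment.InitializeFromRequest(pkcs10);
        return enrollment.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
    }
}
```

A machine-scoped key is readable by administrators and `LocalSystem` on that host, so the resulting certificate belongs in the local computer store and the key's ACL should be limited to the service identity that needs it.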