0

I have an API that creates and exports certificates, I also have access to the UI to export them manually. The problem here is: when I export a cert using c# the API returns a well-formed base64 string, if I take this string and convert it to an X.509 object it still works, but, when I export this to a cert file it seems to be insecure. If I export the certificate manually it returns the exact base64 string, but it seems to be secure and well-formed. So, what's the difference? or how could I export the base64 string to a cert file while avoiding insecurity issues? Thanks in advance.

My current approach is:

File.WriteAllBytes("certification.cer", GetCertificate(base64).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert));

And:

File.WriteAllBytes("certification.cer", Convert.FromBase64String(base64))
Luis Barajas
  • 478
  • 3
  • 12
  • I'm guessing right now but this seems to be similar to another posting (https://stackoverflow.com/questions/64050678/potential-risk-error-for-certificate-for-localhost#comment113263419_64050678). I think the check of the certificate is actually making a connection and the connection is failing due to TLS. Read my comments in the link to other posting. – jdweng Sep 26 '20 at 02:51
  • The `Cert` content type is just the public certificate data. What security are you expecting? – bartonjs Sep 26 '20 at 04:32
  • @bartonjs I've tried with the other export options but no one worked – Luis Barajas Sep 28 '20 at 14:12
  • @LuisBarajas “when I export this to a cert file it seems to be insecure” what do you mean by “insecure” here? – bartonjs Sep 28 '20 at 15:34
  • @bartonjs I mean, windows adds a warning icon when I open it, further the certification route shows only one step instead of three – Luis Barajas Sep 28 '20 at 15:54
  • @bartonjs in fact, this is the exact error the certificate is throwing when I open it: "could not find certificate issuer" – Luis Barajas Sep 28 '20 at 16:40

0 Answers0