Import SSL Cert

      I tried to import an SSL client certificate on ARMStone A5 (WEC2013) and I have the following problem:

      First Way (GUI):
      - I tried it via 'System Control' in the GUI and I could successfully implement my root cert in 'Trusted Authorities'
      - After that, I wanted to implement my client cert (pvk) in 'My Certificates', but after I type in my import password the key does not appear in the list and it doesn't work in the application
      Second Way (ndcucfg):
      - When I try it via ndcucfg, I just get a sequence of this:
      Please enter Password:Please enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter password......

      and it is not possible to enter

      ????

      Note:
      First I debugged the code and the cert on a desktop system, where it works perfectly. I am absolutely sure that everything is right with the code, cert and connection to the server!!!!
      ?????

      I searched for other ways to import it, but in the .NET Compact Framework it is only possible to go via the Windows cert store.

      // Specifies the X.509 certificate used by the client.
      ClientCredentials cc = new ClientCredentials();
      cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "testuser");
      parameters.Add(cc);

      When I try to import it via a byte array, it is not possible in the Compact Framework, only in the desktop framework. Other ways ????
      We need a secure connection to the server to finalize our project!!!!
      What about OpenSSL?
      I know that one of our customers does the imports from attachments for WEC2013 on an ASA5. I did not test it, nor do I know which functionality is included in detail; please refer to OpenSSL. Also note the licence.

      Hope this helps.
      Files
      • LIBEAY32.zip (213.21 kB)
      • SSLEAY32.zip (278.62 kB)
      F&S Elektronik Systeme GmbH
      As this is an international forum, please try to post in English.
      As this is an international forum, we ask that posts be written in English where possible.
      Hmmm, OK, but I don't think so for a WCF server. I think it makes no difference which tool I create the certificate with; perhaps they will do it through other ways.

      I'm using the official MS way for transport security and basic HTTP binding:
      msdn.microsoft.com/en-us/library/bb629363.aspx

      I tried a lot of tricky methods, but no success. Other forums say that it is only possible via the Windows cert store!

      social.msdn.microsoft.com/Foru…ork-35?forum=netfxcompact
      stackoverflow.com/questions/19…net-compact-framework-3-5

      Nobody could solve the problem.

      Post was edited 1 time, last by “bgontek” ().

      I found some code in VB.NET where it is possible to import via P/Invoke to put the PFX into the Windows store. When I try it, the key appears in the list and I can find the key via

      cc = New ClientCredentials
      cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "wcf.gon-tech.com")

      but the server does not accept the key. On desktop it works! Maybe it helps you to solve the problem.
      Imports System
      Imports System.IO
      Imports System.Runtime.InteropServices

      ' P/Invoke declarations for the CryptoAPI certificate store functions in crypt32.dll.
      Public Class Crypto

      #Region "CONSTS"

          Public Const CERT_STORE_ADD_REPLACE_EXISTING As Int32 = 3
          Public Const CERT_STORE_PROV_SYSTEM As Int32 = 10
          Public Const CERT_SYSTEM_STORE_CURRENT_USER_ID As Int32 = 1
          Public Const CERT_SYSTEM_STORE_LOCATION_SHIFT As Int32 = 16
          Public Const CERT_SYSTEM_STORE_CURRENT_USER As Int32 = CERT_SYSTEM_STORE_CURRENT_USER_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT

      #End Region

      #Region "STRUCTS"

          ' Length and pointer of an unmanaged buffer (here: the raw PFX bytes).
          <StructLayout(LayoutKind.Sequential)> _
          Public Structure CRYPT_DATA_BLOB
              Public cbData As Integer
              Public pbData As IntPtr
          End Structure

          ' Mirrors the native CERT_CONTEXT; not used by the import below.
          ' pbCertEncoded is a native pointer, so it is declared as IntPtr.
          <StructLayout(LayoutKind.Sequential)> _
          Public Structure CERT_CONTEXT
              Public dwCertEncodingType As UInteger
              Public pbCertEncoded As IntPtr
              Public cbCertEncoded As UInteger
              Public pCertInfo As IntPtr
              Public hCertStore As IntPtr
          End Structure

      #End Region

      #Region "FUNCTIONS (IMPORTS)"

          <DllImport("Crypt32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
          Public Shared Function CertOpenStore(storeProvider As Integer, dwMsgAndCertEncodingType As UInteger, hCryptProv As IntPtr, dwFlags As UInteger, cchNameString As [String]) As IntPtr
          End Function

          <DllImport("Crypt32.dll", SetLastError:=True)> _
          Public Shared Function PFXImportCertStore(ByRef pPfx As CRYPT_DATA_BLOB, <MarshalAs(UnmanagedType.LPWStr)> szPassword As [String], dwFlags As UInteger) As IntPtr
          End Function

          <DllImport("Crypt32.dll", SetLastError:=True)> _
          Public Shared Function CertAddCertificateContextToStore(hCertStore As IntPtr, pCertContext As IntPtr, dwAddDisposition As Int32, ByRef ppStoreContext As IntPtr) As [Boolean]
          End Function

          <DllImport("Crypt32.DLL", SetLastError:=True)> _
          Public Shared Function CertEnumCertificatesInStore(storeProvider As IntPtr, prevCertContext As IntPtr) As IntPtr
          End Function

          <DllImport("Crypt32.dll", SetLastError:=True)> _
          Public Shared Function CertCloseStore(hCertStore As IntPtr, dwFlags As Int32) As [Boolean]
          End Function

      #End Region

      End Class

      Namespace ImportCert

          Public Class PFXImport

              ' Reads the whole file into a byte array.
              Friend Shared Function ReadFile(fileName As String) As Byte()
                  Using f As New FileStream(fileName, FileMode.Open, FileAccess.Read)
                      Dim data As Byte() = New Byte(CInt(f.Length) - 1) {}
                      f.Read(data, 0, data.Length)
                      Return data
                  End Using
              End Function

              ' args(0) = PFX file name, args(1) = PFX password.
              Public Shared Sub Import(args As String())

                  If args.Length < 2 Then
                      Console.WriteLine("Usage: ImportCert <PFX filename> password")
                      Return
                  End If

                  Dim hCryptProv As IntPtr = IntPtr.Zero
                  Dim hCertStore As IntPtr = IntPtr.Zero
                  Dim hMemStore As IntPtr = IntPtr.Zero
                  Dim ppfx As New Crypto.CRYPT_DATA_BLOB()

                  Try
                      ' Open the current user's "MY" (personal) system store.
                      hCertStore = Crypto.CertOpenStore(Crypto.CERT_STORE_PROV_SYSTEM, 0, hCryptProv, Crypto.CERT_SYSTEM_STORE_CURRENT_USER, "MY")
                      If hCertStore = IntPtr.Zero Then
                          Console.WriteLine("CertOpenStore failed, error " & Marshal.GetLastWin32Error().ToString())
                          Return
                      End If

                      ' Copy the PFX file into unmanaged memory for PFXImportCertStore.
                      Dim rawData As Byte() = ReadFile(args(0))
                      ppfx.cbData = rawData.Length
                      ppfx.pbData = Marshal.AllocHGlobal(rawData.Length)
                      Marshal.Copy(rawData, 0, ppfx.pbData, rawData.Length)

                      ' Decrypt the PFX into a temporary store; a zero handle means failure (for example a wrong password).
                      hMemStore = Crypto.PFXImportCertStore(ppfx, args(1), 0)
                      If hMemStore = IntPtr.Zero Then
                          Console.WriteLine("PFXImportCertStore failed, error " & Marshal.GetLastWin32Error().ToString())
                          Return
                      End If

                      ' Copy every certificate from the temporary store into "MY".
                      Dim pctx As IntPtr = IntPtr.Zero
                      Dim pStoreContext As IntPtr = IntPtr.Zero
                      While IntPtr.Zero <> (InlineAssignHelper(pctx, Crypto.CertEnumCertificatesInStore(hMemStore, pctx)))
                          If Not Crypto.CertAddCertificateContextToStore(hCertStore, pctx, Crypto.CERT_STORE_ADD_REPLACE_EXISTING, pStoreContext) Then
                              Console.WriteLine("CertAddCertificateContextToStore failed, error " & Marshal.GetLastWin32Error().ToString())
                          End If
                      End While

                  Catch e As Exception
                      Console.WriteLine(e.Message)
                  Finally
                      ' Release the unmanaged copy of the PFX and close both stores.
                      If ppfx.pbData <> IntPtr.Zero Then Marshal.FreeHGlobal(ppfx.pbData)
                      If hMemStore <> IntPtr.Zero Then Crypto.CertCloseStore(hMemStore, 0)
                      If hCertStore <> IntPtr.Zero Then Crypto.CertCloseStore(hCertStore, 0)
                  End Try

              End Sub

              ' Assigns value to target and returns it, so the enumeration can be written as a While condition.
              Private Shared Function InlineAssignHelper(Of T)(ByRef target As T, value As T) As T
                  target = value
                  Return value
              End Function

          End Class
      End Namespace

      Post was edited 2 times, last by “bgontek” ().

      OK, I got it!!!

      That works for self-signed certs:
      1. Use the code on top to import the pfx file into My certs
      2. Now you have an unsigned key, although you have imported a root cert
      3. I didn't find a way to sign the cert, but that is not important in embedded, because it is isolated anyway. Forget the root cert!
      4. Set the cert like this (vb.net):

      cc = New ClientCredentials
      cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "subjectname")

      and now tell the System to trust the unsigned certs:

      create class:

      Imports System
      Imports System.Net
      Imports System.Security.Cryptography.X509Certificates

      Public Class TrustAllCertificatePolicy
          Implements System.Net.ICertificatePolicy

          Public Sub New()
              MyBase.New()
          End Sub

          ' Returns True for every server certificate, whatever validation problem was reported.
          Public Function CheckValidationResult(ByVal sp As ServicePoint, ByVal cert As X509Certificate, ByVal req As WebRequest, _
                  ByVal problem As Integer) As Boolean Implements ICertificatePolicy.CheckValidationResult
              Return True
          End Function
      End Class

      and put the following under the set cert method:

      cc = New ClientCredentials

      cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "subjectname")
      System.Net.ServicePointManager.CertificatePolicy = New TrustAllCertificatePolicy()


      That's it!
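
      A narrower alternative to the TrustAllCertificatePolicy class above, added here as an example and not part of the original post: instead of returning True for every certificate, the policy accepts the server only when its certificate hash matches a thumbprint stored on the device. The names PinnedCertificatePolicy, PinningSetup and the placeholder thumbprint are hypothetical, and it is an assumption that GetCertHashString, String.IsNullOrEmpty and StringComparison are available on the Compact Framework build in use.

```vb
Imports System
Imports System.Net
Imports System.Security.Cryptography.X509Certificates

' Added example (not from the thread): accept the server only when its
' certificate hash equals a thumbprint provisioned on the device.
Public Class PinnedCertificatePolicy
    Implements ICertificatePolicy

    Private ReadOnly _pinned As String

    ' pinnedThumbprint: certificate hash as hex; spaces and colons are ignored.
    Public Sub New(ByVal pinnedThumbprint As String)
        If String.IsNullOrEmpty(pinnedThumbprint) Then
            Throw New ArgumentException("A pinned thumbprint is required.")
        End If
        _pinned = Strip(pinnedThumbprint)
    End Sub

    Private Shared Function Strip(ByVal hex As String) As String
        Return hex.Replace(" ", "").Replace(":", "")
    End Function

    Public Function CheckValidationResult(ByVal sp As ServicePoint, ByVal cert As X509Certificate, _
            ByVal req As WebRequest, ByVal problem As Integer) As Boolean _
            Implements ICertificatePolicy.CheckValidationResult
        ' No certificate presented: never accept.
        If cert Is Nothing Then Return False
        ' The chain problem reported for a self-signed certificate is ignored on
        ' purpose; identity is established by the exact certificate hash instead.
        Return String.Equals(Strip(cert.GetCertHashString()), _pinned, _
                             StringComparison.OrdinalIgnoreCase)
    End Function
End Class

Public Module PinningSetup
    ' Placeholder value: replace with the thumbprint of your own server certificate.
    Private Const ServerThumbprint As String = "<SERVER-CERT-THUMBPRINT>"

    Public Sub InstallPolicy()
        ServicePointManager.CertificatePolicy = New PinnedCertificatePolicy(ServerThumbprint)
    End Sub
End Module
```

      With this policy a replaced or intercepted server certificate is rejected even though the chain is not verified; when the server certificate is renewed, the stored thumbprint has to be updated on the device.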
      When I import a cert with ndcucfg I get no error and need no password.

      Source Code

      cert import cert MY cert.crt
      F&S Elektronik Systeme GmbH