Import SSL Cert

  • I tried to Import a SSL Client Certificate on ARMStone A5 (WEC2013) and i have following problem:


    First Way (GUI):
    - I tried it over the 'System Control' way by GUI and i could successfully implement my Root Cert in 'Trusted Authorities'
    - after that, i want to implement my Client Cert (pvk) im 'My Certificates', but after i type in my Import Password the key does not appear in list and it doesnt work in application
    Second Way (ndcucfg):
    - when i try it over ndcucfg, i just got a sequenze of that:
    Please enter Password:Please enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter password......


    and it is not possible to enter


    ????


    Note:
    First I debug the code and the cert on a Desktop System where it is working perfect. Iam absolut sure that everything is right with code, Cert and Connection to Server!!!!

  • ?????


    I searched for other ways to Import it, but in .net compact Framework it is just possible to use the way over the Windows Cert Store.


    // Specifies the X.509 certificate used by the client.
    ClientCredentials cc = new ClientCredentials();
    cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "testuser");
    parameters.Add(cc);


    When i try to Import it via byteArray, it is not possible in compact Framework , just in Desktop Framework. Other ways ????
    We need secure connection to Server, to finalize out project!!!!

  • What is about OpenSSL?
    I know that one of our customers do the imports from attachments for WEC2013 on a ASA5. I did not test it nor i know which functuionalty is included in detail, please refer OpenSSL. Also note the licence.


    Hope this helps.

    Files

    • LIBEAY32.zip

      (213.21 kB, downloaded 276 times, last: )
    • SSLEAY32.zip

      (278.62 kB, downloaded 293 times, last: )

    F&S Elektronik Systeme GmbH
    As this is an international forum, please try to post in English.
    Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.

  • hmmm ok, but i don't think for wcf Server. i think it makes no difference with which tool I create the certificate, perhaps they will do it through other ways.


    I'm using the offical MS way for Transport security and basic http binding:
    http://msdn.microsoft.com/en-us/library/bb629363.aspx


    i tried a lot of tricky methods, but no success. other Forums says that it is just possible over Windows cert store!


    https://social.msdn.microsoft.…ork-35?forum=netfxcompact
    http://stackoverflow.com/quest…net-compact-framework-3-5


    nobody could solved the Problem

  • i found a code in vb.net where it is possible to Import by pinvoke to set pfx in Windows store. when i try it the key appears in list and i can find the key via


    cc = New ClientCredentials
    cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "wcf.gon-tech.com")


    but the Server does not accept the key. on Desktop it works! maybe it helps you to solve the problem

  • Imports System.IO
    Imports System.Runtime.InteropServices


    Public Class Crypto


    #Region "CONSTS"


    Public Const CERT_STORE_ADD_REPLACE_EXISTING As Int32 = 3
    Public Const CERT_STORE_PROV_SYSTEM As Int32 = 10
    Public Const CERT_SYSTEM_STORE_CURRENT_USER_ID As Int32 = 1
    Public Const CERT_SYSTEM_STORE_LOCATION_SHIFT As Int32 = 16
    Public Const CERT_SYSTEM_STORE_CURRENT_USER As Int32 = CERT_SYSTEM_STORE_CURRENT_USER_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT


    #End Region


    #Region "STRUCTS"


    <StructLayout(LayoutKind.Sequential)> _
    Public Structure CRYPT_DATA_BLOB


    Public cbData As Integer
    Public pbData As IntPtr


    End Structure


    <StructLayout(LayoutKind.Sequential)> _
    Public Structure CERT_CONTEXT


    Public dwCertEncodingType As UInteger


    <MarshalAs(UnmanagedType.LPArray, SizeParamIndex:=2)> _
    Public pbCertEncoded As Byte()


    Public cbCertEncoded As UInteger


    Public pCertInfo As IntPtr


    Public hCertStore As IntPtr


    End Structure


    #End Region


    #Region "FUNCTIONS (IMPORTS)"


    <DllImport("Crypt32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function CertOpenStore(storeProvider As Integer, dwMsgAndCertEncodingType As UInteger, hCryptProv As IntPtr, dwFlags As UInteger, cchNameString As [String]) As IntPtr
    End Function


    <DllImport("Crypt32.dll", SetLastError:=True)> _
    Public Shared Function PFXImportCertStore(ByRef pPfx As CRYPT_DATA_BLOB, <MarshalAs(UnmanagedType.LPWStr)> szPassword As [String], dwFlags As UInteger) As IntPtr
    End Function


    <DllImport("Crypt32.dll", SetLastError:=True)> _
    Public Shared Function CertAddCertificateContextToStore(hCertStore As IntPtr, pCertContext As IntPtr, dwAddDisposition As Int32, ByRef ppStoreContext As IntPtr) As [Boolean]
    End Function


    <DllImport("Crypt32.DLL", SetLastError:=True)> _
    Public Shared Function CertEnumCertificatesInStore(storeProvider As IntPtr, prevCertContext As IntPtr) As IntPtr
    End Function


    <DllImport("Crypt32.dll", SetLastError:=True)> _
    Public Shared Function CertCloseStore(hCertStore As IntPtr, dwFlags As Int32) As [Boolean]
    End Function


    #End Region


    End Class


    Namespace ImportCert



    Public Class PFXImport


    Friend Shared Function ReadFile(fileName As String) As Byte()


    Dim f As New FileStream(fileName, FileMode.Open, FileAccess.Read)


    Dim size As Integer = CInt(f.Length)


    Dim data As Byte() = New Byte(size - 1) {}


    size = f.Read(data, 0, size)


    f.Close()


    Return data


    End Function


    Public Shared Sub Import(args As String())


    If args.Length < 2 Then


    Console.WriteLine("Usage: ImportCert <PFX filename> password")


    Return
    End If


    Try


    Dim hCryptProv As IntPtr = IntPtr.Zero


    Dim hCertStore As IntPtr = Crypto.CertOpenStore(Crypto.CERT_STORE_PROV_SYSTEM, 0, hCryptProv, Crypto.CERT_SYSTEM_STORE_CURRENT_USER, "MY")


    If hCertStore <> IntPtr.Zero Then



    Dim rawData As Byte() = ReadFile(args(0))


    Dim ppfx As New Crypto.CRYPT_DATA_BLOB()


    ppfx.cbData = rawData.Length


    ppfx.pbData = Marshal.AllocHGlobal(rawData.Length)


    Marshal.Copy(rawData, 0, ppfx.pbData, rawData.Length)


    Dim hMemStore As IntPtr = Crypto.PFXImportCertStore(ppfx, args(1), 0)


    If hMemStore <> IntPtr.Zero Then



    Dim pctx As IntPtr = IntPtr.Zero


    Dim pStoreContext As IntPtr = IntPtr.Zero


    While IntPtr.Zero <> (InlineAssignHelper(pctx, Crypto.CertEnumCertificatesInStore(hMemStore, pctx)))
    Crypto.CertAddCertificateContextToStore(hCertStore, pctx, Crypto.CERT_STORE_ADD_REPLACE_EXISTING, pStoreContext)
    End While
    Crypto.CertCloseStore(hMemStore, 0)
    End If


    Crypto.CertCloseStore(hCertStore, 0)


    End If


    Catch e As Exception
    Console.WriteLine(e.Message)
    End Try


    End Sub
    Private Shared Function InlineAssignHelper(Of T)(ByRef target As T, value As T) As T
    target = value
    Return value
    End Function


    End Class
    End Namespace

  • ok i got it!!!


    That works for self signed certs:
    1. use the code on top to Import pfx file in my certs
    2. now you have an unsigned key, although you have import a root cert
    3. i don't found a way to sign the cert, but that is not important in embedded, beacause it is isolated anyway. Forget the root cert!
    4. set the cert like that (vb.net):


    cc = New ClientCredentials
    cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "subjectname")


    and now tell the System to trust the unsigned certs:


    create class:


    Imports System
    Imports System.Net
    imports System.Security.Cryptography.X509Certificates


    Public Class TrustAllCertificatePolicy
    Implements System.Net.ICertificatePolicy


    Public Sub New()
    MyBase.New()
    End Sub


    Public Function CheckValidationResult(ByVal sp As ServicePoint, ByVal cert As X509Certificate, ByVal req As WebRequest, _
    ByVal problem As Integer) As Boolean Implements ICertificatePolicy.CheckValidationResult
    Return True
    End Function
    End Class


    and put following under the set cert method:


    cc = New ClientCredentials


    cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "subjectname")
    System.Net.ServicePointManager.CertificatePolicy = New TrustAllCertificatePolicy()



    thats it!

  • When I import a cert with ndcucfg i get no error and need no password.


    Code
    1. cert import cert MY cert.crt

    F&S Elektronik Systeme GmbH
    As this is an international forum, please try to post in English.
    Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.