Import SSL Cert

I tried to Import a SSL Client Certificate on ARMStone A5 (WEC2013) and i have following problem:

First Way (GUI):
- I tried it over the 'System Control' way by GUI and i could successfully implement my Root Cert in 'Trusted Authorities'
- after that, i want to implement my Client Cert (pvk) im 'My Certificates', but after i type in my Import Password the key does not appear in list and it doesnt work in application
Second Way (ndcucfg):
- when i try it over ndcucfg, i just got a sequenze of that:
Please enter Password:Please enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter passwordPlease enter password......

and it is not possible to enter

????

Note:
First I debug the code and the cert on a Desktop System where it is working perfect. Iam absolut sure that everything is right with code, Cert and Connection to Server!!!!

?????

I searched for other ways to Import it, but in .net compact Framework it is just possible to use the way over the Windows Cert Store.

// Specifies the X.509 certificate used by the client.
ClientCredentials cc = new ClientCredentials();
cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "testuser");
parameters.Add(cc);

When i try to Import it via byteArray, it is not possible in compact Framework , just in Desktop Framework. Other ways ????
We need secure connection to Server, to finalize out project!!!!

hmmm ok, but i don't think for wcf Server. i think it makes no difference with which tool I create the certificate, perhaps they will do it through other ways.

I'm using the offical MS way for Transport security and basic http binding:
http://msdn.microsoft.com/en-us/library/bb629363.aspx

i tried a lot of tricky methods, but no success. other Forums says that it is just possible over Windows cert store!

https://social.msdn.microsoft.…ork-35?forum=netfxcompact
http://stackoverflow.com/quest…net-compact-framework-3-5

nobody could solved the Problem

i found a code in vb.net where it is possible to Import by pinvoke to set pfx in Windows store. when i try it the key appears in list and i can find the key via

cc = New ClientCredentials
cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "wcf.gon-tech.com")

but the Server does not accept the key. on Desktop it works! maybe it helps you to solve the problem

Imports System.IO
Imports System.Runtime.InteropServices

Public Class Crypto

#Region "CONSTS"

Public Const CERT_STORE_ADD_REPLACE_EXISTING As Int32 = 3
Public Const CERT_STORE_PROV_SYSTEM As Int32 = 10
Public Const CERT_SYSTEM_STORE_CURRENT_USER_ID As Int32 = 1
Public Const CERT_SYSTEM_STORE_LOCATION_SHIFT As Int32 = 16
Public Const CERT_SYSTEM_STORE_CURRENT_USER As Int32 = CERT_SYSTEM_STORE_CURRENT_USER_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT

#End Region

#Region "STRUCTS"

<StructLayout(LayoutKind.Sequential)> _
Public Structure CRYPT_DATA_BLOB

Public cbData As Integer
Public pbData As IntPtr

End Structure

<StructLayout(LayoutKind.Sequential)> _
Public Structure CERT_CONTEXT

Public dwCertEncodingType As UInteger

<MarshalAs(UnmanagedType.LPArray, SizeParamIndex:=2)> _
Public pbCertEncoded As Byte()

Public cbCertEncoded As UInteger

Public pCertInfo As IntPtr

Public hCertStore As IntPtr

End Structure

#End Region

#Region "FUNCTIONS (IMPORTS)"

<DllImport("Crypt32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
Public Shared Function CertOpenStore(storeProvider As Integer, dwMsgAndCertEncodingType As UInteger, hCryptProv As IntPtr, dwFlags As UInteger, cchNameString As [String]) As IntPtr
End Function

<DllImport("Crypt32.dll", SetLastError:=True)> _
Public Shared Function PFXImportCertStore(ByRef pPfx As CRYPT_DATA_BLOB, <MarshalAs(UnmanagedType.LPWStr)> szPassword As [String], dwFlags As UInteger) As IntPtr
End Function

<DllImport("Crypt32.dll", SetLastError:=True)> _
Public Shared Function CertAddCertificateContextToStore(hCertStore As IntPtr, pCertContext As IntPtr, dwAddDisposition As Int32, ByRef ppStoreContext As IntPtr) As [Boolean]
End Function

<DllImport("Crypt32.DLL", SetLastError:=True)> _
Public Shared Function CertEnumCertificatesInStore(storeProvider As IntPtr, prevCertContext As IntPtr) As IntPtr
End Function

<DllImport("Crypt32.dll", SetLastError:=True)> _
Public Shared Function CertCloseStore(hCertStore As IntPtr, dwFlags As Int32) As [Boolean]
End Function

#End Region

End Class

Namespace ImportCert

Public Class PFXImport

Friend Shared Function ReadFile(fileName As String) As Byte()

Dim f As New FileStream(fileName, FileMode.Open, FileAccess.Read)

Dim size As Integer = CInt(f.Length)

Dim data As Byte() = New Byte(size - 1) {}

size = f.Read(data, 0, size)

f.Close()

Return data

End Function

Public Shared Sub Import(args As String())

If args.Length < 2 Then

Console.WriteLine("Usage: ImportCert <PFX filename> password")

Return
End If

Try

Dim hCryptProv As IntPtr = IntPtr.Zero

Dim hCertStore As IntPtr = Crypto.CertOpenStore(Crypto.CERT_STORE_PROV_SYSTEM, 0, hCryptProv, Crypto.CERT_SYSTEM_STORE_CURRENT_USER, "MY")

If hCertStore <> IntPtr.Zero Then

Dim rawData As Byte() = ReadFile(args(0))

Dim ppfx As New Crypto.CRYPT_DATA_BLOB()

ppfx.cbData = rawData.Length

ppfx.pbData = Marshal.AllocHGlobal(rawData.Length)

Marshal.Copy(rawData, 0, ppfx.pbData, rawData.Length)

Dim hMemStore As IntPtr = Crypto.PFXImportCertStore(ppfx, args(1), 0)

If hMemStore <> IntPtr.Zero Then

Dim pctx As IntPtr = IntPtr.Zero

Dim pStoreContext As IntPtr = IntPtr.Zero

While IntPtr.Zero <> (InlineAssignHelper(pctx, Crypto.CertEnumCertificatesInStore(hMemStore, pctx)))
Crypto.CertAddCertificateContextToStore(hCertStore, pctx, Crypto.CERT_STORE_ADD_REPLACE_EXISTING, pStoreContext)
End While
Crypto.CertCloseStore(hMemStore, 0)
End If

Crypto.CertCloseStore(hCertStore, 0)

End If

Catch e As Exception
Console.WriteLine(e.Message)
End Try

End Sub
Private Shared Function InlineAssignHelper(Of T)(ByRef target As T, value As T) As T
target = value
Return value
End Function

End Class
End Namespace

here is a list with dwFlags for wince5 but i don#t no how to implement

http://www.pinvoke.net/default…rypt32.pfximportcertstore

the Problem is that the root cert does not certificate the Client cert. arrrggggg

ok i got it!!!

That works for self signed certs:
1. use the code on top to Import pfx file in my certs
2. now you have an unsigned key, although you have import a root cert
3. i don't found a way to sign the cert, but that is not important in embedded, beacause it is isolated anyway. Forget the root cert!
4. set the cert like that (vb.net):

cc = New ClientCredentials
cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "subjectname")

and now tell the System to trust the unsigned certs:

create class:

Imports System
Imports System.Net
imports System.Security.Cryptography.X509Certificates

Public Class TrustAllCertificatePolicy
Implements System.Net.ICertificatePolicy

Public Sub New()
MyBase.New()
End Sub

Public Function CheckValidationResult(ByVal sp As ServicePoint, ByVal cert As X509Certificate, ByVal req As WebRequest, _
ByVal problem As Integer) As Boolean Implements ICertificatePolicy.CheckValidationResult
Return True
End Function
End Class

and put following under the set cert method:

cc = New ClientCredentials

cc.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "subjectname")
System.Net.ServicePointManager.CertificatePolicy = New TrustAllCertificatePolicy()

thats it!

try a key (.pvk) !

you need a key for authentification not a cert. when you use the offical MS example, it is just possible to autheticate by key! the cert is just important to sign the key
http://msdn.microsoft.com/en-us/library/bb629363.aspx