Error when using SSL and certificate required

APA - 31 Jan 2008 04:59 GMT
I have a .NET 2.0 application that accesses a web service (written in .NET 1.1).  When a certificate is required, we receive the following error:

A fatal error occurred when attempting to access the SSL  credential private key. The error code returned from the cryptographic module is 0x80090016

This is on the client and the client gets its certificate from a CAC card that the user uses to log in with.  I have some sites working fine but this
one is a problem.  The web server is Win2003 with IIS 6.0.  When I watch the database activity, there is none when we set the website to require
certificate but as soon as we turn it off the site works fine.  The client OSes are Vista and XP.

Any ideas on where I might look?
Joe Kaplan - 31 Jan 2008 15:56 GMT
That error code corresponds to "Keyset does not exist" according to err.exe.
So, it would appear that there is something generally wrong related to the
use of the private key on the smart card in this instance.  You might check
the system event log to see if there are any additional error details from
schannel and might also consider turning on schannel debugging to see if you
can get more details.

Does the smartcard work for other stuff?  For example, can IE open the web
service test page when client cert auth is required?

Joe K.

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

>I have a .NET 2.0 application that accesses a web service (written in .NET
>1.1).  When certificate is required we receive the following error:
[quoted text clipped - 11 lines]
>
> Any ideas on where I might look?
Dominick Baier - 31 Jan 2008 16:03 GMT
Keyset does not exist mostly means that access to the private key is not
granted. In that case the client.

Since the key is on the card it must be some card related config/settings.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> That error code corresponds to "Keyset does not exist" according to
> err.exe. So, it would appear that there is something generally wrong
[quoted text clipped - 7 lines]
>
> Joe K.
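
A client-side check for the condition both replies describe, given here as an added example that was not posted by anyone in the thread: it lists the certificates in the user's store that are usable for client authentication and reports whether each private key container can be opened, flagging 0x80090016. The class and method names are hypothetical, and it assumes the smart card middleware has propagated the CAC certificate into the CurrentUser\My store.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical diagnostic, not code from the thread. Run it as the affected user.
static class ClientCertKeyCheck
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2";        // Client Authentication EKU
    const int NteBadKeyset = unchecked((int)0x80090016);     // "Keyset does not exist"

    // True if the certificate has no EKU extension (unrestricted) or lists client auth.
    static bool AllowsClientAuth(X509Certificate2 cert)
    {
        bool sawEku = false;
        foreach (X509Extension ext in cert.Extensions)
        {
            X509EnhancedKeyUsageExtension eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            sawEku = true;
            foreach (Oid oid in eku.EnhancedKeyUsages)
                if (oid.Value == ClientAuthOid) return true;
        }
        return !sawEku;
    }

    static void Main()
    {
        // Assumption: the card's certificate appears in CurrentUser\My.
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (!AllowsClientAuth(cert)) continue;
                string status = "no private key linked to this certificate";
                try
                {
                    // Reading PrivateKey opens the key container; a card may ask for its PIN.
                    if (cert.HasPrivateKey && cert.PrivateKey != null) status = "private key reachable";
                }
                catch (CryptographicException ex)
                {
                    status = Marshal.GetHRForException(ex) == NteBadKeyset
                        ? "0x80090016: keyset does not exist" : "crypto error: " + ex.Message;
                }
                Console.WriteLine("{0}  {1}  {2}", cert.Thumbprint, cert.Subject, status);
            }
        }
        finally { store.Close(); }
    }
}
```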
