 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / June 2005Private key not available for X.509 certificate under W2000
Hi all, I am having difficulty running a WSE 2.0 enabled Web Service under Windows 2000. I can run the same web service using X.509 certificates for authentication and encryption when the web service is on a Windows 2003 Server (Enterprise Edition) and the caller is on my Windows 2000 machine. But when the Web Service is on the same Windows 2000 machine I get the following returned from the web service call: Message "System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.InvalidOperationException: Private Key is not available\n at Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] ciphertext, Boolean useOAEP)\n at Microsoft.Web.Services2.Security.Cryptography.RSA15KeyExchangeFormatter.DecryptKey(Byte[] cipherKey)\n at Microsoft.Web.Services2.Security.EncryptedKey.Decrypt()\n at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)\n at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope)\n at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)\n at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)\n --- End of inner exception stack trace ---" string I have been looking around Google Groups and have found a few people talking about there being difficulties in getting this to work on Windows 2000 and storing certificates under the "Other People" branch of the certificate store. In which certificate store does a WSE 2 web service look for a private certificate key? Is it looking in "Other people"? Can I change this? I am using VS.NET 2003 (C#). Is something just not supported under Windows 2000? Any help would be greatly appreciated? Hi Diego, The exception below suggests that the correct certificate was found, however, there were not enough permissions given to access the private key file of the certificate. The private key is used to very the signature. Have you give private key permissions to your certificate? You can do this by using the WSE Certificate tool, clicking on the Private Key properties and then adding the "Users" group to the ACL's of the file. In general, when verifying signature or decrypting on the server side, the LocalMachine/Personal store is used in order to retrieve the certificate. This is the default store unless it is explicitly specified as something else in the configuration file. Let me know if this helps Sidd [MSFT] > Hi all, > [quoted text clipped - 34 lines] > > Any help would be greatly appreciated? One thing to note: in the Hands on Labs, the instructions say to tive the ASPNET account access to teh server certificate. I am developing as a non-admin, not using IIS but the file based server and this did not work. For TESTING and DEVELOPMENT purposes, I gave my login account access to the server certificate (in local machine/personal) instead. Julie > Hi Diego, > [quoted text clipped - 54 lines] >> >> Any help would be greatly appreciated? Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.