
A password error was displayed when I tried to install a client certificate on a client computer with the correct password.


Hello

I made a self-hosted RESTful WCF service application with SSL.
The part of the source code referring to the certificate is as follows.

C#

            cf.Credentials.ClientCertificate.SetCertificate(
                                        StoreLocation.CurrentUser, StoreName.Root,
                                        X509FindType.FindBySubjectName, "FirstClientCert"
                                        );

In order to install a client certificate on the client computer, I performed the following procedure.

  1. I exported the pfx file with the password using a PowerShell script. (*1)
  2. I copied the pfx file to the client computer.
  3. I double-clicked the pfx file on the client computer. (The import wizard started.)
  4. I selected Current User and pushed the "NEXT" button.
  5. I pushed the "NEXT" button.
  6. I entered the password and pushed the "NEXT" button. (Then the dialog box with "The password you entered is incorrect." was displayed.)

What is the cause?

Is it because PowerShell's Export-PfxCertificate command cannot include the secret key?

Can someone help me?

Best regards.

What I tried:

1. When the pfx file is exported by the certificate export wizard, the certificate import wizard is successful and my application works fine.

2. I have tried to import the pfx file using a PowerShell script. (*2)
    ===> But the following error was displayed in PowerShell ISE.

Import-PfxCertificate : The PFX file you are trying to import requires either a different password or membership in an Active Directory principal 
to which it is protected.
At C:\Work\TestService2\test_import.ps1:11 char:1
+ Import-PfxCertificate -Password $secure_pwd -FilePath "${client_cert_ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Import-PfxCertificate], Win32Exception
    + FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.CertificateServices.Commands.ImportPfxCertificate

*1

$current_directory = 'D:\Work\TestService2'
$root_cert_name = 'FirstRootCert'
$client_cert_name = 'FirstClientCert'
#$imd_sert_name = 'FirstImdCert'
$pwd = 'xxxxxxxx'
$port_no = 5000
$service_guid = '541eea84-c788-4d23-b6b2-f5210xxxx5c5'

#1. Change the current directory.
Set-Location $current_directory

#2. Encrypt the password.
[System.Security.SecureString]$secure_pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText

#3. Create a root certificate.
$root_cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=${root_cert_name}" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

#4. Export personal information exchange file and private key from root certificate.
[String]$rootCertPath = Join-Path -Path 'cert:\CurrentUser\My\' -ChildPath "$($root_cert.Thumbprint)"
Export-PfxCertificate -Cert $rootCertPath -FilePath "${root_cert_name}.pfx" -Password $secure_pwd
Export-Certificate -Cert $rootCertPath -FilePath "${root_cert_name}.crt"

#5. Create a client certificate.
$client_cert = New-SelfSignedCertificate -Type Custom -DnsName $client_cert_name -KeySpec Signature -Subject "CN=${client_cert_name}" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $root_cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

#6. Export personal information exchange file and private key from client certificate.
[String]$rootCertPath = Join-Path -Path 'cert:\CurrentUser\My\' -ChildPath "$($client_cert.Thumbprint)"
Export-PfxCertificate -Cert $rootCertPath -FilePath "${client_cert_name}.pfx" -Password $secure_pwd
Export-Certificate -Cert $rootCertPath -FilePath "${client_cert_name}.crt"

*2

$current_directory = 'C:\Work\TestService2'
$client_cert_name = 'FirstClientCert'
$pwd = 'xxxxxxxx'

#1. Change the current directory.
Set-Location $current_directory

#2. Encrypt the password.
[System.Security.SecureString]$secure_pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText

#3. Import PFX file.
Import-PfxCertificate -Password $secure_pwd -FilePath "${client_cert_name}.pfx" -CertStoreLocation 'Cert:\CurrentUser\My'
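
One thing to check in scripts *1 and *2, shown as an added example that is not part of the original post: `$PWD` is a PowerShell automatic variable holding the current location, and `Set-Location` writes to it, so the string passed to `ConvertTo-SecureString` after step 1 is the directory path rather than the value assigned to `$pwd`. The sketch shows that, then repeats the export with a differently named variable and verifies the PFX locally; `$pfx_password`, `$work_dir`, `Test-PfxPassword` and `ExampleClientCert` are names assumed for the example.

```powershell
# Added example, not the poster's script. Constructed names: $pfx_password,
# $work_dir, Test-PfxPassword, 'ExampleClientCert'.

# Part 1: $PWD is an automatic variable (the current location). The assignment
# is accepted, but Set-Location writes the new location back into it.
$pwd = 'xxxxxxxx'
Set-Location $env:TEMP
"`$pwd after Set-Location: [$($pwd.GetType().Name)] $pwd"

# Part 2: the same kind of export with a variable name PowerShell does not
# manage, followed by a local check before the file is copied anywhere.
$pfx_password = 'xxxxxxxx'
$work_dir     = Join-Path $env:TEMP 'pfx-roundtrip'
New-Item -ItemType Directory -Path $work_dir -Force | Out-Null
Set-Location $work_dir
$secure = ConvertTo-SecureString -String $pfx_password -AsPlainText -Force

$cert = New-SelfSignedCertificate -Subject 'CN=ExampleClientCert' `
    -KeyExportPolicy Exportable -CertStoreLocation 'Cert:\CurrentUser\My'
# Full path: .NET APIs do not follow the PowerShell location.
$pfx_path = Join-Path $work_dir 'ExampleClientCert.pfx'
Export-PfxCertificate -Cert $cert -FilePath $pfx_path -Password $secure | Out-Null

# Open the PFX with a given password; report whether it opened and whether
# the private key is inside.
function Test-PfxPassword([string]$Path, [securestring]$Password) {
    try {
        $x = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path, $Password)
        [pscustomobject]@{ Opened = $true; HasPrivateKey = $x.HasPrivateKey }
    } catch {
        [pscustomobject]@{ Opened = $false; HasPrivateKey = $false }
    }
}

# First the intended password, then the directory path that the $pwd
# pattern would have supplied instead.
Test-PfxPassword $pfx_path $secure
$path_as_password = ConvertTo-SecureString -String "$(Get-Location)" -AsPlainText -Force
Test-PfxPassword $pfx_path $path_as_password

# Clean up the constructed certificate and file.
Set-Location $env:TEMP
Remove-Item "Cert:\CurrentUser\My\$($cert.Thumbprint)"
Remove-Item $work_dir -Recurse -Force
```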
