I have a console application that downloads an X509 certificate from an array of bytes as follows:
var cert = new X509Certificate2(certificateContent,
certificateContent is a byte[] representing the contents of a pfx file. This code is great for the few certificates I tested. However, there is one certificate that I am testing that causes this string to throw a CryptographicException with the message "The specified network password is invalid." even though the password provided is correct.
The weird part is that I can use the same code in LinqPad to create a certificate from the same pfx file with the same password, and it works fine.
I checked the call site in the console application in the debugger and verified that the correct values were being transmitted.
What can cause this constructor to throw this exception in a console application, but not in LinqPad, using the same data, and work fine in both places for other certificates?
More details
Certificates are stored in a database in Base64. The console application reads the certificate from the database, converts it from Base64 to byte[], and then tries to create the X509Certificate2 object, as described above.
There are three certificates that I tested:
- My personal customer authentication certificate provided by my employer CA.
- Test certificate created by a colleague using their own self-employed CA.
- My own test certificate created by me using a self-signed CA.
Certificates 1 and 2 work both in the console application and in LinqPad.
Certificate 3 loads fine in LinqPad, but generates the error above if I try to use it in a console application.
There are two significant differences between certificates 2 and 3.
- Cert2 expires in 2016, and Cert3 expires in 2039.
- The private key associated with cert2 is 2048 bits. Cert3 - 1024 bits.
Can one of these differences lead to the error "the specified network password is incorrect"? And why do all 3 certs work fine in LinqPad, while only 1 throws an error in the console application?
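
A diagnostic harness for the situation described in the question, added here as an example and not code from the original post: run in both hosts, it prints a SHA-256 fingerprint of the Base64-decoded bytes and facts about the host process so the two runs can be compared, and it reports the exception's HResult alongside the generic message. The names `PfxLoadDiagnostics` and `TryLoad`, the two-argument constructor overload and the generated throwaway PFX are assumptions made for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxLoadDiagnostics
{
    // Prints facts about the input and the host process, then attempts the load.
    public static X509Certificate2 TryLoad(string base64Pfx, string password)
    {
        byte[] pfx = Convert.FromBase64String(base64Pfx);
        using (var sha = SHA256.Create())
        {
            // Compare this fingerprint between the two hosts to prove the bytes match.
            Console.WriteLine("bytes={0} sha256={1}", pfx.Length,
                BitConverter.ToString(sha.ComputeHash(pfx)).Replace("-", ""));
        }
        // Process-level differences between two hosts running the same code.
        Console.WriteLine("user={0} 64bit={1} runtime={2}",
            Environment.UserName, Environment.Is64BitProcess, Environment.Version);
        try
        {
            var cert = new X509Certificate2(pfx, password);
            Console.WriteLine("loaded: subject={0} notAfter={1:u} keyBits={2} hasKey={3}",
                cert.Subject, cert.NotAfter, cert.GetRSAPublicKey()?.KeySize, cert.HasPrivateKey);
            return cert;
        }
        catch (CryptographicException ex)
        {
            // The message text is generic; HResult carries the underlying error code.
            Console.WriteLine("failed: 0x{0:X8} {1}", ex.HResult, ex.Message);
            return null;
        }
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed PFX standing in for the database row.
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-test", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                string stored = Convert.ToBase64String(cert.Export(X509ContentType.Pfx, "pw"));
                TryLoad(stored, "pw");     // expected to load
                TryLoad(stored, "wrong");  // expected to reach the catch block
            }
        }
    }
}
```

If the fingerprints and lengths match in both hosts but only one fails, the difference lies in the process environment rather than in the stored data.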