In my application, the certificate for client authentication is programmatically added to MY-Store using the following code:
X509Certificate2 certificate = new X509Certificate2(certData, password, X509KeyStorageFlags.Exportable);
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
    store.Open(OpenFlags.ReadWrite);
    store.Add(certificate);
}
finally
{
    store.Close();
}
With this code, the certificate was correctly imported into MY-Store (the fingerprint and certification chain are also correct) on all the machines we tested.
But on some machines (Windows 7 Professional SP1 and Windows Server 2008 R2 with a local user account), the certificate cannot subsequently be used to authenticate clients ("Failed to establish trust relationships for secure SSL / TLS channel"). On a Windows 8.1 Enterprise computer with a domain user account, authentication worked sometimes, but not always.
, , X509KeyStorageFlags.PersistKeySet .
, :
X509Certificate2 certificate = new X509Certificate2(certData, password, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
.
, , , ?
PersistKeySet-Flag , ?
MSDN .
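A post-import check for the symptom described in the post, as an added example that is not part of the original post: it imports with the flags from the second snippet, releases the imported object, then re-reads the certificate from the store and signs a test buffer to confirm the private key is still reachable. The class and method names are hypothetical, and the code assumes .NET Framework 4.6 or later and an RSA key pair.

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertImport
{
    // Hypothetical helper: imports the PFX into CurrentUser\My, then proves the
    // stored copy can still reach its private key by signing a test buffer.
    public static bool ImportAndVerify(byte[] certData, string password)
    {
        // Flags as in the post. PersistKeySet keeps the key container after the
        // X509Certificate2 object is released.
        var flags = X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet;
        string thumbprint;
        using (var certificate = new X509Certificate2(certData, password, flags))
        {
            thumbprint = certificate.Thumbprint;
            var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            try { store.Open(OpenFlags.ReadWrite); store.Add(certificate); }
            finally { store.Close(); }
        } // the imported object is released here

        // Re-read from a fresh store handle so only what was persisted is tested.
        var check = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            check.Open(OpenFlags.ReadOnly);
            var found = check.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0) return false;
            using (RSA key = found[0].GetRSAPrivateKey()) // assumes an RSA key pair
            {
                if (key == null) return false;
                key.SignData(new byte[] { 0x00 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                return true;
            }
        }
        catch (CryptographicException)
        {
            return false; // the stored certificate cannot reach its private key
        }
        finally { check.Close(); }
    }
}
```

Signing is used instead of reading `HasPrivateKey` so that the check exercises the key itself rather than only the certificate's stored key reference.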