evilfred

Reputation: 2416

X509Certificate2: Extensions are missing

In C# I'm loading X509Certificate2 objects from an X509Store initialized like so:

        X509Store store = new X509Store("My", StoreLocation.LocalMachine);
        store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

I made my certificate in OpenSSL and it is set to "Any purpose". So I would expect the X509Certificate2.Extensions to be non-empty and hold the "Server Auth" extension. However, Extensions is always an empty list. Any ideas?

Upvotes: 1

Views: 1831

Answers (1)

bethlakshmi

Reputation: 4609

I'd double-check the certificate in an independent source, just to check that the data you think is in there is really there. I usually use one of the web-based tools:

http://www.redkestrel.co.uk/cgi/decodeCert.pl

http://www.bogpeople.com/networking/CertDecoder/

are two such tools.

That way you know if it's the test data or use of the X509 library.

Next, I'm not sure what you mean by set to "any purpose". I poked through the OpenSSL documentation, and I don't see a setting for what you describe. There are two extensions in a certificate that define the usages of a key - Key Usage and Extended Key Usage. And the description of the OpenSSL commands and config file hasn't shown a place that you could set "any" and have all of these turn on. What I think you want is the "serverAuth" value on the Extended Key Usage extension:

http://www.openssl.org/docs/apps/x509v3_config.html#Extended_Key_Usage_

If you are willing to post the specific OpenSSL command used and the config file for the certificate generation, I could probably be more help.

Upvotes: 3
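
The check suggested in the answer can also be run from inside .NET. This is an added example, not part of the original question or answer: it builds two constructed self-signed certificates with `CertificateRequest` (one without Extended Key Usage, one with `serverAuth`) and lists what `X509Certificate2.Extensions` reports for each. The subject names and the `MakeSample` and `GetEkuOids` helpers are assumptions made for the illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class EkuCheck
{
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth

    // Constructed sample: a throwaway self-signed certificate, with or without an EKU extension.
    static X509Certificate2 MakeSample(string cn, bool withServerAuth)
    {
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=" + cn, key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            if (withServerAuth)
                req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                    new OidCollection { new Oid(ServerAuthOid) }, false));
            return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    // OIDs listed in the Extended Key Usage extension; empty when the extension is absent.
    static string[] GetEkuOids(X509Certificate2 cert)
    {
        return cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
            .SelectMany(eku => eku.EnhancedKeyUsages.Cast<Oid>())
            .Select(oid => oid.Value)
            .ToArray();
    }

    static void Main()
    {
        var samples = new[] { MakeSample("no-eku.example", false), MakeSample("server.example", true) };
        foreach (X509Certificate2 cert in samples)
        {
            // Extensions only exist in X.509 v3 certificates, so print the version too.
            Console.WriteLine("{0}: X.509 v{1}, {2} extension(s)",
                cert.Subject, cert.Version, cert.Extensions.Count);
            foreach (X509Extension ext in cert.Extensions)
                Console.WriteLine("  {0} ({1}) critical={2}",
                    ext.Oid.Value, ext.Oid.FriendlyName, ext.Critical);
            bool serverAuth = GetEkuOids(cert).Contains(ServerAuthOid);
            Console.WriteLine("  serverAuth in Extended Key Usage: {0}", serverAuth);
            cert.Dispose();
        }
    }
}
```

To inspect a certificate loaded from the store, pass it to `GetEkuOids` in place of the constructed samples.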
