Conrad Clark

Reputation: 4526

Correctly automating the creation of self-signed certificates for development

I'm trying to automate the creation of test environments, and one of the steps is to create self-signed certificates to be used on SSL bindings on IIS. It's a WPF application meant to run once to create all websites, applications, Windows services, et cetera, based on specified configuration settings.

I've tried using CertEnrollLib (certenroll.dll), but for some unknown reason I'm getting the following error when I run the code on the server:

[Image: screenshot of the error]

When I run on my machine everything works fine. My first question is, does anyone know why this happens? I've stumbled across this link:

Problems when compiling and running code that uses CertEnroll with .NET 4.0 and x64

I've tried the said solution:

To get rid of these compilation errors we changed "Embed Interop Types" to "False" in the Properties of the CERTCLIENTLib and CERTENROLLLib references.

To no avail. Also tried changing the platform as said in the link:

I still didn't have time to figure out why this happens, but if you compile against x86 platform instead of Any CPU platform (which makes the code to run against x64 platform on x64 systems by default), it will work fine.

But this doesn't work either, I get the same error. I also tried using BouncyCastle before, but got another COM error.


EDIT: I got it fixed thanks to @CryptoGuy. Instead of using the class constructor of the referenced library:

var cert = new CX509CertificateRequestCertificate(); // old, not working
// gets the right class to use with my machine, but not with the server

I replaced it with this:

IX509CertificateRequestCertificate cert = (IX509CertificateRequestCertificate)
    Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509CertificateRequestCertificate"));
// gets whatever the CX509CertificateRequestCertificate implementation is

Upvotes: 0

Views: 818

Answers (1)

Crypt32

Reputation: 13924

Thanks for confirming your server OS. The problem is that the IX509CertificateRequestCertificate2 interface is not available in Windows Server 2008; it was added in Windows 6.1 (Windows 7/Windows Server 2008 R2). You need to use the standard IX509CertificateRequestCertificate. Technically, they are equal; the new interface just adds enrollment web services support (which are not available in previous systems).

Upvotes: 1
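
A pre-flight check built on the fix and the answer above, as an added example that is not part of the original posts: it creates the request object by ProgID, returns it typed as the base interface, and reports whether the installed certenroll.dll also exposes IX509CertificateRequestCertificate2. The class and method names (CertEnrollFactory, CreateRequest) are hypothetical, and it assumes the CERTENROLLLib interop reference from the question.

```csharp
using System;
using System.Runtime.InteropServices;
using CERTENROLLLib; // COM interop reference to certenroll.dll, as in the question

// Hypothetical helper, not part of CertEnroll or of the original posts.
static class CertEnrollFactory
{
    const string ProgId = "X509Enrollment.CX509CertificateRequestCertificate";

    // Returns the request object as the base interface and reports whether
    // the newer "...2" interface is also implemented on this machine.
    public static IX509CertificateRequestCertificate CreateRequest(out bool supportsV2)
    {
        // Resolve the class through the registry instead of the interop coclass,
        // so the interop assembly's default interface is never requested.
        Type comType = Type.GetTypeFromProgID(ProgId, true); // throws if not registered
        object instance = Activator.CreateInstance(comType);

        // 'is' and 'as' on a COM object perform QueryInterface, so both checks
        // reflect the certenroll.dll installed on the target, not the build machine.
        supportsV2 = instance is IX509CertificateRequestCertificate2;

        var request = instance as IX509CertificateRequestCertificate;
        if (request == null)
        {
            Marshal.ReleaseComObject(instance);
            throw new PlatformNotSupportedException(
                ProgId + " does not implement IX509CertificateRequestCertificate.");
        }
        return request;
    }
}

static class Program
{
    static void Main()
    {
        bool supportsV2;
        IX509CertificateRequestCertificate cert = CertEnrollFactory.CreateRequest(out supportsV2);
        Console.WriteLine("OS version: " + Environment.OSVersion.Version);
        Console.WriteLine("IX509CertificateRequestCertificate2 available: " + supportsV2);
        Marshal.ReleaseComObject(cert); // this run only probes; nothing is enrolled
    }
}
```

Running it on each target server before the provisioning step shows up front whether code compiled against the newer interface would fail there.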
