Reputation: 918
Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException
I'm getting the following error message from Visual Studio 2017 on first run of the ASP.NET Core MVC Boilerplate template (DotNet Core) regarding the SSL certificate:
"Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException occurred HResult=0x80070002 Message=The system cannot find the file specified Source=
StackTrace: at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(Byte[] rawData, String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at Microsoft.AspNetCore.Hosting.KestrelServerOptionsHttpsExtensions.UseHttps(KestrelServerOptions options, String fileName, String password) ... "
All other projects using SSL work fine and I've double checked that my localhost certificate is in the Trusted Root Certification Authorities for my local machine and has not expired. The project is running IISExpress - perhaps it's not looking the correct place? I'm not sure. Any ideas where I'm going wrong?
Upvotes: 8
Views: 31476
Answers (5)
Reputation: 1789
I've just spent all morning fixing this error....
I'm using the Azure.Security.KeyVault.Certificates nuget package to download a certificate from a KeyVault and use it for IdentityServer.
I recently updated nuget packages for our project so refactored a bit of code, deleting the key bit of the jigsaw.
var signingCertificate = certificateClient.DownloadCertificate(new DownloadCertificateOptions(signingCertificateName)
{
KeyStorageFlags = System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet,
});
X509KeyStorageFlags.MachineKeySet is the secret sauce to getting it running on Azure. I tried several other options before landing back on this one. The annoying thing is, had this in originally before I started refactoring!
Upvotes: 3
Reputation: 614
Context
I'm setting up a new dotnet 6 mvcapp website and trying to install Certbot generated certificate locally. The settings for kestrel to load certificate from file was simple enough but I keep getting above errors.
Reason for that like someone has mentioned, the fullchain.pem is actually a symlink or in other word: a shortcut.
Solution for that is to right click on the '.pem file' shortcut and select Open file location and then get the actual .pem files.
Updating your settings to point to the actual files and you should be ok.
Wrong path points to live folder
"Certificates": {
"Default": {
"Path": "C:\\Certbot\\live\\{my domain}\\fullchain.pem",
"KeyPath": "C:\\Certbot\\live\\{my domain}\\privkey.pem"
}
}
Correct path points to archive folder
"Certificates": {
"Default": {
"Path": "C:\\Certbot\\archive\\{my domain}\\fullchain.pem",
"KeyPath": "C:\\Certbot\\archive\\{my domain}\\privkey.pem"
}
}
Upvotes: 2
Reputation: 1644
If you're running in docker, another workaround is doing a copy at startup.
# The copy is done, because wildcard_certificate.pfx is put into the container using docker secrets, which makes it a symlink.
# Reading a certificate as a symlink is not supported at this moment: https://stackoverflow.com/q/43955181/1608705
# After doing a copy, the copied version is not a symlink anymore.
ENTRYPOINT (IF EXIST "c:\certificates\wildcard_certificate.pfx" (copy c:\certificates\wildcard_certificate.pfx c:\app\wildcard_certificate.pfx)) && dotnet webapplication.dll
My application runs in the "c:\app" folder and I put my "to be copied" certificates in "c:\certificates". At startup the certificate is copied to "c:\app", which my environment variables point to.
version: "3.7"
services:
webapplication:
image: ({CONTAINER_REGISTRY})/webapplication:({LABEL})
environment:
- ASPNETCORE_URLS=https://+;http://+
- ASPNETCORE_HTTPS_PORT=443
- ASPNETCORE_Kestrel__Certificates__Default__Path=wildcard_certificate.pfx
secrets:
- source: config_secrets
target: C:/app/appsettings.json
- source: wildcard_certificate_pfx
target: c:\certificates\wildcard_certificate.pfx
Upvotes: 2
Reputation: 8167
Recently had this same issue with ASP.NET Core MVC Boilerplate.
Close Visual Studio, right click on it, "Run as Administrator". Worked for me.
Upvotes: 11
Reputation: 33266
One of two problems is going on.
1) The file "exists", but is a symlink. That tends to confuse the underlying system. (The response is to do File.ReadAllBytes and use the byte[] constructor).
2) The file doesn't exist.
To help diagnose #2 you can read Environment.CurrentDirectory to know where "here" is, and use Directory.EnumerateFiles() to see what is present in the directory and why your file doesn't exist.
Of course, if you didn't think you were loading by file, but thought you were loading from a certificate store: Check your configuration and try again... since you're loading from file :).
Upvotes: 3
Related Questions
- WindowsCryptographicException: Keyset does not exist
- CryptographicException was unhandled: System cannot find the specified file
- Certificate private key throws CryptographicException under IIS Web Server
- HTTP Error 500.30 (Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The system cannot find the file specified.)
- CryptoLicensing error
- Exception: System.Security.Cryptography.CryptographicException : Keyset does not exist in IIS7 application hosted in windows 2008 R2 server
- How can I solve this error? "Error occurred during a cryptographic operation."
- CRYPT_E_NOT_FOUND when importing certificate
- Sitecore - System.Security.Cryptography.CryptographicException
- System.Security.Cryptography.CryptographicException" occurred in w3wp.exe