“An internal error occurred.” when loading pfx file with X509Certificate2

by

Use the local computer store for the private key:

X509Certificate2 cert = new X509Certificate2("myhost.pfx", "pass",
    X509KeyStorageFlags.MachineKeySet);

MachineKeySet is described as “private keys are stored in the local computer store rather than the current user store”. The default with no flags is to place in the user store.

Even though you are reading the certificate from disk and storing it in an object the private keys are still stored in the Microsoft Cryptographic API Cryptographic Service Provider key database. On the hosting server the ASP.NET process does not have permission to access the user store.

Another approach (as per some comments below) is to modify the IIS Configuration or App Pool identity — which do work. However, this assumes that there is access to these configuration items which may not be the case (e.g. in a shared hosting environment).

More Related Contents:

  1. What exactly happens when I set LoadUserProfile of IIS pool?
  2. X509Certificate Constructor Exception
  3. Generate a self-signed certificate on the fly
  4. Is it possible to programmatically generate an X509 certificate using only C#?
  5. Associate a private key with the X509Certificate2 class in .net
  6. How to find certificate by its thumbprint in C#
  7. Get list of certificates from the certificate store in C#
  8. Force HttpWebRequest to send client certificate
  9. Inserting Certificate (with privatekey) in Root, LocalMachine certificate store fails in .NET 4
  10. CryptographicException was unhandled: System cannot find the specified file
  11. Add certificate on request with RestSharp
  12. Accessing uploaded certificates in azure web sites
  13. How to retrieve certificates from a pfx file with c#?
  14. How to get the X509Certificate from a client request
  15. Debugging failing HTTPS WebRequest
  16. Is it safe to test the X509Certificate.Thumbprint property when you know an invalid certificate is safe?
  17. Signing SOAP messages using X.509 certificate from WCF service to Java webservice
  18. Open X509 Certificates Selection Using USB Token in C# Hosted on IIS
  19. Best way in asp.net to force https for an entire site?
  20. How to call .NET methods from Excel VBA?
  21. Find Nth occurrence of a character in a string
  22. How to set a binding in Code?
  23. The source was not found, but some or all event logs could not be searched
  24. How to find out if a property is an auto-implemented property with reflection?
  25. How to cast Expression to Expression
  26. Piping in a file on the command-line using System.Diagnostics.Process
  27. Set DllImport attribute dynamically
  28. How do I use Web.Config transform on my connection strings?
  29. C# – Issues with boxing / unboxing / typecasting ints. I don’t understand
  30. Implementations of interface through Reflection

Leave a Comment