Solved

Add Server Certificate in IIS from C#

Posted on 2016-10-04
6
107 Views
Last Modified: 2016-10-21
Hi All,

I wish to import a Certificate from a C# app into IIS.

If I import the file using the IIS manager GUI:
  - Server Certificates
    - Import
It allows me to use this to assign as the SSL certificate in the Site Binding.

Now, if I do the same process within C#, it adds the certificate  - or at least it looks identical - but when I try to assign it as the SSL certificate in the Site Binding, it gives the error:
"A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)"

When you view the certificate in the 'Server Certificates' dialog it has identical entries for each of the columns...

The code I am using is as follows:
X509Store store = new X509Store("WebHosting", StoreLocation.LocalMachine);                
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
X509Certificate2 certificate = new X509Certificate2(xSSLCertificate, xSSLCertificatePassword);
store.Add(certificate);
store.Close();

Open in new window

Can anyone help?

Thanks,

James
0
Comment
Question by:jatkin
  • 3
  • 3
6 Comments
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 41829446
You need to bind the certificate to the site before the call to "store.Close();"

IIS Forum Thread:  https://forums.iis.net/t/1163325.aspx

Other reference links:

- https://forums.iis.net/t/1178407.aspx
- https://msdn.microsoft.com/en-us/library/ms731899(v=vs.110).aspx

Dan
0
 
LVL 4

Author Comment

by:jatkin
ID: 41829687
Hi,

Thank you for your suggestions.

Unfortunately even in this sequence, the same issue persists.

I have now tried simply importing the Certificate using C#, then adding all the Web Site with references using the IIS Manager. As soon as I try to assign the SSL Certificate to the site, I get the same error.

It look like there must be some sort of error in the import process:

String xMachineName = Environment.MachineName;
String xSSLCertificate = @"D:\Cert\ServerSSL.pfx";
String xSSLCertificatePassword = @"TestPassword";
using (ServerManager iisManager = new ServerManager())
{
    X509Store store = new X509Store("WebHosting", StoreLocation.LocalMachine);
    store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
    X509Certificate2 certificate = new X509Certificate2(xSSLCertificate, xSSLCertificatePassword);
    store.Add(certificate);
    store.Close();
    iisManager.CommitChanges();
}

Open in new window


I cannot see anything obvious here - any ideas?
0
 
LVL 26

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 41831314
There aren't any site binding commands in the code above.

I would read the IIS Forum thread I posted, it gives a code example.

To sudo code it:

1. instantiate object for cert
2. set cert object properties
3. open the local certificate store
4. add the cert to the store
5. connect to the iis web site object
6. add the certificate binding
7. set the binding protocol
8. dispose of objects

Dan
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 4

Author Comment

by:jatkin
ID: 41831321
You are correct, I am currently testing just the automated import of the certificate into the store.
The same as using 'Server Certificates', Right-Click 'Import' within the IIS Manager application.

It does appear to add the entry, ready for binding to a site, however does not allow me to bind the created entry, even within the IIS Manager - same message as I receive when automating the bind.

The Import process does appear to work correctly, and will throw an error is the pwd is wrong, but I am not able to use it afterwards.

I am probably missing something obvious here, but I cannot see it :-(
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 41833367
Are there any errors in the Event Logs that relate to the attempt to bind the cert in IIS Manager?

If so, can you please post them with all the details?

Dan
0
 
LVL 4

Author Closing Comment

by:jatkin
ID: 41853550
This seems to be okay now!
Not sure what I had missed when I previously tested this.

Many thanks for the help :-)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Authentication of Web Services 3 53
Remove greater than sign 3 44
In WPF / C# binding a local database in code behind 1 24
Setup IIS website to use ADFS authentication 25 42
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now