Tags: c++, windows, ssl, schannel

SCHANNEL TLS Server side cannot CertFindCertificateInStore


I am adding TLS encryption to a server side application using the Schannel API. I am having a problem with CertFindCertificateInStore: it never finds the certificate I am searching for. As the search criterion I am passing the name of the certificate (with CERT_FIND_SUBJECT_STR_A, then CERT_FIND_SUBJECT_STR_W as a fallback). I have spent many hours on this and do not understand why it is not working. Any help would be immensely appreciated. The function I am using this in is found below. Thanks,

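// Build the inbound (server-side) Schannel credential used for TLS handshakes.
//
// Looks the server certificate up in the LOCAL_MACHINE\My store by a
// case-insensitive substring match on its Subject field (CertificateName),
// then acquires an inbound credential handle backed by it.
//
// Returns 0 on success, 1 if the store cannot be opened, 2 if no certificate
// matches CertificateName, 3 if AcquireCredentialsHandle fails. On success
// m_credentials is valid and m_CertificateContext refers to the chosen
// certificate (the caller owns that reference and must free it eventually);
// on failure m_CertificateContext is left NULL and the store is closed.
int ServerCreateCredentials() {

    // Personal store of the machine account. The private key of the chosen
    // certificate must be readable by the account this process runs as,
    // otherwise the lookup succeeds but AcquireCredentialsHandle fails.
    HCERTSTORE myCertStore = CertOpenStore(
                                CERT_STORE_PROV_SYSTEM,
                                X509_ASN_ENCODING,
                                NULL,
                                CERT_SYSTEM_STORE_LOCAL_MACHINE,
                                L"My");
    if (myCertStore == NULL) {
        return 1;
    }

    // CERT_FIND_SUBJECT_STR_* matches a case-insensitive *substring* of the
    // certificate's Subject (for example its CN) -- not the friendly/display
    // name shown in the certificate manager.
    // NOTE(review): the declared type of CertificateName is not visible here.
    // Exactly one of the two calls below is correct for it; the other
    // reinterprets the buffer (a wide string read as narrow collapses to a
    // one-character pattern, which can match an unrelated certificate; a
    // narrow string read as wide is garbage). Remove whichever call does not
    // match the declared type once that is confirmed.
    m_CertificateContext = CertFindCertificateInStore(
                                myCertStore,
                                X509_ASN_ENCODING,
                                0,
                                CERT_FIND_SUBJECT_STR_A,
                                CertificateName,
                                NULL);
    if (m_CertificateContext == NULL) {
        m_CertificateContext = CertFindCertificateInStore(
                                myCertStore,
                                X509_ASN_ENCODING,
                                0,
                                CERT_FIND_SUBJECT_STR_W,
                                CertificateName,
                                NULL);
    }
    if (m_CertificateContext == NULL) {
        CertCloseStore(myCertStore, CERT_CLOSE_STORE_CHECK_FLAG);
        return 2;
    }

    SCHANNEL_CRED SchannelCredentials;
    ZeroMemory(&SchannelCredentials, sizeof(SchannelCredentials));
    SchannelCredentials.dwVersion = SCHANNEL_CRED_VERSION;

    SchannelCredentials.cCreds = 1;                       // one server certificate
    SchannelCredentials.paCred = &m_CertificateContext;

    // hRootStore is consulted only when the server validates *client*
    // certificates, and then it must hold the trust anchors for that purpose.
    // Pointing it at the "My" store would turn every CA certificate that
    // happens to sit in the personal store into a trust anchor, and the store
    // handle is closed below while the credential outlives it. Leave it NULL;
    // supply a dedicated root store if client authentication is ever enabled.
    SchannelCredentials.hRootStore = NULL;

    // 80 bits admits RC4/3DES-class suites; require 128-bit symmetric keys.
    SchannelCredentials.dwMinimumCipherStrength = 128;
    SchannelCredentials.grbitEnabledProtocols = 0;        // system default protocol set

    // SCH_CRED_AUTO_CRED_VALIDATION and SCH_CRED_NO_SERVERNAME_CHECK are
    // client-only flags and have no meaning on an inbound credential; keeping
    // them out also avoids the name-check bypass being copied into a client
    // credential later. Revocation checking still applies to any client
    // certificate chain this credential is asked to validate.
    SchannelCredentials.dwFlags = SCH_CRED_REVOCATION_CHECK_CHAIN;

    TimeStamp life;
    SECURITY_STATUS Status = m_securityFunctionTable.AcquireCredentialsHandle(
                        NULL,
                        UNISP_NAME,
                        SECPKG_CRED_INBOUND,
                        NULL,
                        &SchannelCredentials,
                        NULL,
                        NULL,
                        &m_credentials,
                        &life);

    // m_CertificateContext holds its own reference to the store, so the store
    // handle itself is no longer needed whether or not the call succeeded.
    CertCloseStore(myCertStore, CERT_CLOSE_STORE_CHECK_FLAG);

    if (Status != SEC_E_OK) {
        // Do not leave a dangling, never-freed context behind on failure.
        CertFreeCertificateContext(m_CertificateContext);
        m_CertificateContext = NULL;
        return 3;
    }

    return 0;
}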

Solution

  • I have figured out that I was not searching on the correct value. CERT_FIND_SUBJECT_STR_A / CERT_FIND_SUBJECT_STR_W do a case-insensitive substring match against the certificate's Subject field (for example its CN), not against the "name" of the certificate as displayed elsewhere. Passing the subject name makes the lookup succeed. (Make sure the string type you pass matches the A or W find type you use; with the wrong one the buffer is misread and may match nothing, or an unrelated certificate.)