I'm working in an environment with multiple web servers (>20) and app servers (>10). When calling many of my clients' web services, in addition to the standard SSL handshake, they require a certificate be attached to the request for authentication. Currently we are maintaining these certificates in each server's local store. As we get more servers and more clients, this will not be maintainable. The plan is to move the certificates to a dedicated certificate server.
I've looked for documentation on how to retrieve the certificates from a remote store in .Net but have not been able to find anything. Does anyone know where I could find some documentation, or have some .Net code that they could share?
You can read from a remote Windows store using the same X509Store as for local certificate enumeration:
using System.Security.Cryptography.X509Certificates;
using System.Security.Permissions;

public static X509Certificate2 GetCertificate(string subject, string machine)
{
    // Code access security assert (.NET Framework): lets this method open and
    // enumerate a store even if a caller higher in the stack lacks the permission.
    var sp = new StorePermission(PermissionState.Unrestricted);
    sp.Flags = StorePermissionFlags.OpenStore | StorePermissionFlags.EnumerateCertificates;
    sp.Assert();
    // A UNC-style store name (\\machine\MY) opens the LocalMachine\Personal store on the remote host.
    return GetCertificate(subject, new X509Store(string.Format(@"\\{0}\MY", machine), StoreLocation.LocalMachine));
}

public static X509Certificate2 GetCertificate(string subject, X509Store store)
{
    store.Open(OpenFlags.ReadOnly);
    try
    {
        var cert = MatchCert(store.Certificates, subject);
        return cert;
    }
    finally
    {
        store.Close();
    }
}

// Exact match on the subject distinguished name; returns null when nothing matches.
// validOnly is false so an expired or untrusted certificate is still returned rather than hidden.
private static X509Certificate2 MatchCert(X509Certificate2Collection certs, string subject)
{
    var found = certs.Find(X509FindType.FindBySubjectDistinguishedName, subject, validOnly: false);
    return found.Count > 0 ? found[0] : null;
}
However, the problem is that only the public key can be read this way. Private keys are not accessible when the certificate is read via a network path.
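The caveat above matters for the asker's case: a client certificate attached to a request has to sign part of the TLS handshake, so a copy with no usable private key will be rejected by the server. The following is an added example, not code from the original answer, that opens a MY store either locally ("MY") or on a remote host (@"\\host\MY"), locates a certificate by thumbprint, and refuses to attach it to a request unless HasPrivateKey is true. It assumes .NET Framework on Windows with System.Net.HttpWebRequest; the host name, thumbprint and URL in Main are placeholders.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertLoader
{
    // storeName is "MY" for the local Personal store or @"\\host\MY" for a remote one.
    // Thumbprint lookup is an exact hash match, so a renamed or duplicated subject
    // cannot select the wrong certificate.
    public static X509Certificate2 FindByThumbprint(string storeName, string thumbprint)
    {
        var store = new X509Store(storeName, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly:false so an expired certificate is reported as present rather than silently missing.
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (hits.Count == 0)
            {
                throw new InvalidOperationException(
                    string.Format("No certificate with thumbprint {0} in store {1}", thumbprint, storeName));
            }
            return hits[0];
        }
        finally
        {
            store.Close();
        }
    }

    // A certificate read through a \\host\MY path carries only the public half,
    // so HasPrivateKey is false even when the key exists on the remote machine.
    public static void RequirePrivateKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
        {
            throw new InvalidOperationException(
                "Certificate " + cert.Thumbprint + " has no accessible private key; client authentication would fail.");
        }
    }

    public static HttpWebRequest BuildAuthenticatedRequest(Uri uri, X509Certificate2 clientCert)
    {
        RequirePrivateKey(clientCert);
        var req = (HttpWebRequest)WebRequest.Create(uri);
        req.ClientCertificates.Add(clientCert);
        return req;
    }

    public static void Main()
    {
        // Placeholder values; replace with a real host, thumbprint and service URL.
        const string remoteHost = "certserver01";
        const string thumbprint = "0000000000000000000000000000000000000000";
        var serviceUrl = new Uri("https://service.example.test/endpoint");

        // Reading from the remote store succeeds, but the key is not there to use.
        var remoteCopy = FindByThumbprint(@"\\" + remoteHost + @"\MY", thumbprint);
        Console.WriteLine("Remote copy HasPrivateKey = {0}", remoteCopy.HasPrivateKey);

        // The certificate and key must be installed in the calling machine's own store.
        var localCopy = FindByThumbprint("MY", thumbprint);
        var request = BuildAuthenticatedRequest(serviceUrl, localCopy);
        Console.WriteLine("Attached {0} client certificate(s) to {1}", request.ClientCertificates.Count, serviceUrl);
    }
}
```

Run this under an account that can open the remote machine's certificate store; the first lookup is expected to print HasPrivateKey = False, which is exactly the limitation the answer describes, while the second lookup only succeeds once the certificate and its private key have been installed in the local LocalMachine\MY store.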