I have a strange issue with X509Store. I have a small tool that adds / removes things from the store in a pretty classical way:

    // Load the PFX with the default key storage flags
    var pfxContainer = File.ReadAllBytes(strPFXFileName);
    X509Certificate2 x509Cert = new X509Certificate2(pfxContainer);
    X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
    try
    {
        store.Open(OpenFlags.ReadWrite);
        store.Add(x509Cert);
    }
    finally
    {
        store.Close();
    }

Everything is done from a console with admin rights. And everything seems OK – no errors, no exceptions. The certificate is there. Now if I try to choose this certificate from IIS/Binding I get a strange message: “specified logon session does not exist. It may already have been terminated…”
But the certificate is OK - if I import the same certificate with MMC – there are no problems at all and I can choose and use it from IIS. Are there some bugs like with certutil.exe and error 87, or am I missing something?
In order to work with IIS the certificate must be exportable and include the private key.
To do that you must specify the Exportable and PersistKeySet flags:

    X509Certificate2 cert = new X509Certificate2(PfxFile, Password,
        X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
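
An added example, not part of the original answer: a C# console program that imports the PFX with the flags named above and then re-reads the certificate from the store to confirm the private key is still usable after the importing object has been disposed. It goes slightly beyond the answer by also passing MachineKeySet; that flag, the use of the My store, the class and method names, and .NET Framework 4.6 or later are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxImportCheck   // hypothetical helper class, not from the original post
{
    // Imports a PFX into LocalMachine\<storeName> and returns the certificate thumbprint.
    public static string Import(string pfxPath, string password, StoreName storeName)
    {
        var flags = X509KeyStorageFlags.Exportable      // as in the answer; lets the key be exported again later
                  | X509KeyStorageFlags.PersistKeySet   // as in the answer; keeps the key container after dispose
                  | X509KeyStorageFlags.MachineKeySet;  // assumption: machine key store for a LocalMachine cert
        using (var cert = new X509Certificate2(pfxPath, password, flags))
        using (var store = new X509Store(storeName, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadWrite);
            store.Add(cert);
            return cert.Thumbprint;
        } // cert is disposed here; a key that was not persisted is deleted with it
    }

    // Re-reads the certificate from the store and proves the key is usable by signing with it.
    public static bool KeyIsUsable(string thumbprint, StoreName storeName)
    {
        using (var store = new X509Store(storeName, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (hits.Count == 0 || !hits[0].HasPrivateKey) return false;
            try
            {
                using (RSA rsa = hits[0].GetRSAPrivateKey())
                {
                    if (rsa == null) return false; // not an RSA key; only RSA keys are checked here
                    rsa.SignData(new byte[] { 1, 2, 3 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    return true;
                }
            }
            catch (CryptographicException) { return false; } // e.g. the key container no longer exists
        }
    }

    static void Main(string[] args)
    {
        if (args.Length < 2) { Console.WriteLine("usage: PfxImportCheck <pfx path> <password>"); return; }
        string thumb = Import(args[0], args[1], StoreName.My); // assumption: Personal (My) store for IIS bindings
        Console.WriteLine(KeyIsUsable(thumb, StoreName.My) ? "private key usable" : "private key missing");
    }
}
```

Run it from an elevated console, as in the question; the signing step is what distinguishes a certificate that merely appears in the store from one whose key container still exists.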