I figured this topic needed its own thread.
Would it be possible to permit client certificates from the local Windows certificate repository? I don't know if it'll work on Mono, but it's critical for me to pull the certificate from Windows and not a file. Why? The certificates in use are marked not-for-export of the private key. So, there's assurance the certificate stays with the machine.
I don't know if this is helpful, but I've been using the following code - feed it a certificate subject and it returns a certificate object:
    Imports System.Security.Cryptography.X509Certificates

    ' Returns the first unexpired certificate in LocalMachine\My whose
    ' subject name matches certificate_subject, or Nothing if there is none.
    Private Function get_client_cert(ByVal certificate_subject As String) As X509Certificate2
        If certificate_subject = "" Then
            Return Nothing
        End If
        Dim certificate_store As X509Store = New X509Store(StoreName.My, StoreLocation.LocalMachine)
        ' The store must be opened before its certificates can be read.
        certificate_store.Open(OpenFlags.ReadOnly)
        Try
            ' Third argument True = return only certificates that pass validation.
            Dim certificates As X509Certificate2Collection = certificate_store.Certificates.Find(X509FindType.FindBySubjectName, certificate_subject, True)
            If certificates.Count < 1 Then
                Console.WriteLine("No matching certificate found!")
                Return Nothing
            End If
            For i As Integer = 0 To certificates.Count - 1
                ' Compare the expiry as a date, not as a string.
                If certificates(i).NotAfter.ToUniversalTime() > Date.UtcNow Then
                    Return certificates(i)
                End If
            Next
            Return Nothing
        Finally
            certificate_store.Close()
        End Try
    End Function
I think it's largely taken from a Microsoft sample, so I can't take authorship.
You're already using System.Security.Cryptography.X509Certificates, so it should be an easy drop-in.
What do you think?
Thanks in advance!
Jan 6, 2009 at 1:16 AM
Thanks for the suggestion. Support for MS certificate stores was excluded due to the lack of compatibility with Mono.
Anyway, it is quite useful, as it avoids the need to export certificates, so the feature will be included in the next release.