I have written my own CertificateManager. I would like to store the LocalServiceProviderCertificate in the Windows Certificate Store. However, I am having trouble retrieving the certificate. When I call Find on the X509Store object, it returns a collection with zero items. What is the correct method to get a X509Certificate2 object with both keys from the Windows Certificate Store so that I can provide it to the LocalServiceProviderCertificate property?
Here is the code I am using:
LocalServiceProviderCertificate = FindCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, “www.idp.com”);
private static X509Certificate2 FindCertificate(StoreLocation location, StoreName name, X509FindType findType, string findValue)
{
X509Store store = new X509Store(name, location);
try
{
// create and open store for read-only access
store.Open(OpenFlags.ReadOnly);
// search store
X509Certificate2Collection col = store.Certificates.Find(findType, findValue, true);
// return first certificate found
return col[0];
}
// always close the store
finally
{
store.Close();
}
}
The code looks ok. I suggest writing some test code that iterates over all the certificates in the store.Certificates collection and dumps out the subject name and/or DN of each certificate. This should help determine why the Find method is failing to find the certificate.
Please note that other standard certificate manager supports certificates store on the file system as well as certificate stored in the Windows certificate store for the local machine. The SAML configuration describes how to specify a certificate in the certificate store by subject name, serial number or thumbprint.
Thank you for the suggestion. I found that the certificate I was looking for was in the collection, but since it was self-signed, it was not trusted and so was not being returned from Find when I was using validOnly=true.