Archived Forum Post


Question:

(C#) Cert's LoadByEmailAddress fails, but manually checking current user certificate store works

Apr 27 '15 at 12:38

Hello Chilkat. I am trying to load a certificate from an email address. The certificate has a private key and is located in the current user certificate store. However, when I use the method "LoadByEmailAddress", it returns false. But if I open up the certificate store and iterate through the certificates, I am able to find the correct one. Some code:

private Cert LoadCertificate(string emailAddress)
{
    var cert = new Cert();
    // First attempt: let Chilkat locate the certificate by email address.
    if (!cert.LoadByEmailAddress(emailAddress))
    {
        // Fallback: walk the current user store and match on SubjectE.
        var certStore = new CertStore();
        certStore.OpenCurrentUserStore(true);
        var nCertificates = certStore.NumCertificates;
        for (int i = 0; i < nCertificates; i++)
        {
            var tempCert = certStore.GetCertificate(i);
            if (!string.IsNullOrEmpty(tempCert.SubjectE) && emailAddress.Equals(tempCert.SubjectE, StringComparison.OrdinalIgnoreCase))
            {
                return tempCert;
            }
        }
        // Nothing matched: the caller receives the empty Cert object.
        return cert;
    }
    return cert;
}

So the first cert.LoadByEmailAddress returns false, but the code inside the "if" clause is able to find the correct one.

The curious part is that I am loading two certificates. The first certificate, which is a public key, I am able to find through LoadByEmailAddress. The second certificate, which has a private key belonging to it, is only found by manually searching through the certificate store.

Any idea as to why this is happening?


Answer

Thanks. I'll try to reproduce the problem, and if I can, I'll provide a fix. Please make sure this problem occurs in the latest version (v9.5.0.48). Also, what .NET Framework would you need for a fix (assuming I can reproduce the problem)?


Answer

Hello

I'm a colleague of Fredrik's.

This issue is occurring at just one of our customers' installations. For several of our other customers this is not a problem. In addition, the certificate we use for encryption works fine with LoadByEmailAddress, while it's a problem for the certificate we use for signing.

We are using version 9.5.0.16. It's quite hard for us to patch the current system to 9.5.0.48 right now, as we need the customer to make changes to and debug a system which from their perspective works fine (using the workaround in the code). :-)
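
An added diagnostic, not part of the original posts and not Chilkat code: it uses the .NET Framework's own X509Store API to list every certificate in the current user's store that matches an email address, with its private-key flag, expiry and thumbprint, so the result can be compared with what LoadByEmailAddress and the manual loop return. It assumes the certificates are in the CurrentUser\My store; `FindByEmail` and the sample address are hypothetical names constructed for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

static class CertStoreDiagnostics
{
    // Hypothetical helper: every certificate in CurrentUser\My whose e-mail
    // name, as reported by .NET, equals emailAddress (case-insensitive).
    public static List<X509Certificate2> FindByEmail(string emailAddress)
    {
        var matches = new List<X509Certificate2>();
        // Assumption: the certificates live in the "My" (Personal) store.
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            // Read-only, and never create the store if it is missing.
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            foreach (X509Certificate2 c in store.Certificates)
            {
                string email = c.GetNameInfo(X509NameType.EmailName, false);
                if (string.Equals(email, emailAddress, StringComparison.OrdinalIgnoreCase))
                {
                    matches.Add(c);
                }
            }
        }
        finally
        {
            store.Close();
        }
        return matches;
    }

    static void Main(string[] args)
    {
        // Constructed sample address; pass the real one as the first argument.
        string address = args.Length > 0 ? args[0] : "signer@example.com";
        List<X509Certificate2> found = FindByEmail(address);
        Console.WriteLine("{0} certificate(s) match {1}", found.Count, address);
        foreach (X509Certificate2 c in found)
        {
            // HasPrivateKey shows whether a key is associated with the entry;
            // NotAfter shows whether the match has expired.
            Console.WriteLine("{0}\n  thumbprint={1} hasPrivateKey={2} notAfter={3:u}",
                c.Subject, c.Thumbprint, c.HasPrivateKey, c.NotAfter);
        }
    }
}
```

Run it under the same Windows account as the application, since the current user store is per-user.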