ssl - .NET reading cryptographic files from AWS S3 - some files fail on prod, succeed on dev


I am running a certificate store off of S3 in an ASP.NET cloud application. The class S3CertificateStore reads .pfx files and password files from S3, and creates the certificates in memory.

    private void LoadPrivateCerts(X509Certificate2Collection certificates)
    {
        var s3Files = S3Facade.ListObjects(Config.Bucket, Config.PrivatePath).ToList();

        foreach (var filePath in s3Files)
        {
            // Skip the password files and "directory" keys; only .pfx objects are loaded.
            if (filePath.EndsWith(".pass") || filePath.EndsWith("/"))
            {
                continue;
            }
            try
            {
                var certBytes = S3Facade.GetObject(Config.Bucket, filePath);
                var pwdBytes = S3Facade.GetObject(Config.Bucket, filePath + ".pass");
                var pwd = Encoding.UTF8.GetString(pwdBytes);

                var cert = new X509Certificate2(certBytes, pwd, X509KeyStorageFlags.Exportable);    // needs Exportable!
                certificates.Add(cert);
            }
            catch (Exception e)
            {
                exceptions.Add(e);
            }
        }
    }

When run locally, the certificates are pulled from S3 and reconstituted correctly. But... when I run the code on an EC2 instance, some certificates are fine, and others fail (the same ones fail).

    Exception: The system cannot find the file specified.
       at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
       at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
       at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)

I'm baffled. Is there some kind of character encoding difference at work? I don't think any of the passwords have high-bit characters, but I may be seeing them after they have been munged.

Any suggestions?

I found a workable solution. If I set the IIS AppPool setting "Load User Profile" to true, certificate construction works. The following script in a .ebextensions file seems to do the trick:

    C:\Windows\System32\inetsrv\appcmd.exe set config /section:applicationPools "/[name='DefaultAppPool'].processModel.loadUserProfile:true"

I still don't understand why certificate construction was consistently succeeding for some certs, and consistently failing for others, before the change.
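An added example, not the poster's code, showing the same loader written so that it does not depend on the app pool's user profile at all: on .NET Framework the PFX constructor persists the private key into a key container, and without X509KeyStorageFlags.MachineKeySet that container lives under the worker-process user's profile, which is exactly what "Load User Profile" makes available. The S3 listing and fetch are passed in as delegates, since the poster's S3Facade and Config helpers are not shown; the .Trim() on the password is an assumption about .pass files saved with a trailing newline.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class S3CertificateLoader
{
    // MachineKeySet keeps the persisted private key out of the per-user key
    // store, so an app pool without "Load User Profile" can still import it.
    // Exportable is kept because the original code needs it.
    private const X509KeyStorageFlags PfxFlags =
        X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable;

    public static X509Certificate2 LoadPfx(byte[] pfxBytes, byte[] passwordBytes)
    {
        // Assumption: a .pass file may end in "\r\n" from an editor; without the
        // Trim() that newline becomes part of the password and the import fails.
        var password = Encoding.UTF8.GetString(passwordBytes).Trim();
        var cert = new X509Certificate2(pfxBytes, password, PfxFlags);
        if (!cert.HasPrivateKey)
        {
            throw new InvalidOperationException("PFX did not contain a private key.");
        }
        return cert;
    }

    // objectKeys: the S3 keys under the private path (hypothetical stand-in for
    // S3Facade.ListObjects); getObject: fetches one key's bytes (stand-in for
    // S3Facade.GetObject). Failures are collected per key so the log says
    // which file broke, which the bare CryptographicException does not.
    public static X509Certificate2Collection LoadPrivateCerts(
        IEnumerable<string> objectKeys,
        Func<string, byte[]> getObject,
        IList<Exception> exceptions)
    {
        var certificates = new X509Certificate2Collection();
        foreach (var key in objectKeys)
        {
            if (key.EndsWith(".pass") || key.EndsWith("/"))
            {
                continue;
            }
            try
            {
                certificates.Add(LoadPfx(getObject(key), getObject(key + ".pass")));
            }
            catch (Exception e)
            {
                exceptions.Add(new Exception("Failed to load certificate " + key, e));
            }
        }
        return certificates;
    }
}
```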
