I am trying to use certificates programmatically and not use storage. I am creating an X509Certificate2 with a file name and password.
This works great when I manually added the root certificate to the certificate store in proxies. However, I would prefer not to do this with every deployment - I would rather access it programmatically too.
When I delete the root certificate from the certificate store, I get an exception.
Everything I read seems to say that I have to manually add the root certificate to the certificate store, or the Chain Chain will not work.
Question: Is there a software way to create a Target Chain, so I don't need to do this manually?
The code looks like this:
var serverCert = new X509Certificate2("FullPathToMyCertificate.cer", "Password");
Client.ClientCredentials.ServiceCertificate.DefaultCertificate = serverCert;
The exception that occurs when trying to use the Client is:
System.IdentityModel.Tokens.SecurityTokenValidationException
The X.509 certificate CN=notrealcertname, OU=TPA, OU=BMP, OU=Projects, O=Somebody, C=US is not in the trusted people store. The X.509 certificate CN=notrealcertname, OU=TPA, OU=BMP, OU=Projects, O=Somebody, C=US chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
Steve
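Added example, not part of the original post: the exception text mentions changing the certificateValidationMode, and one way to do that without touching the machine store is a custom WCF validator that builds the chain against a root file shipped with the application and accepts it only if it ends in exactly that root. The class name `PinnedRootValidator`, the helper `Apply`, the root file path and the decision to skip revocation checking are assumptions made for this sketch.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

// Hypothetical validator: trusts only chains that terminate in the root loaded from file.
public sealed class PinnedRootValidator : X509CertificateValidator
{
    private readonly X509Certificate2 _root;

    public PinnedRootValidator(X509Certificate2 root)
    {
        if (root == null) throw new ArgumentNullException("root");
        _root = root;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.Add(_root);  // make the root available for path building
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;  // assumption: no CRL/OCSP reachable
            // Tolerate "root not in machine store"; every other chain error still fails Build().
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

            if (!chain.Build(certificate))
                throw new SecurityTokenValidationException("Chain building failed: " +
                    string.Join("; ", chain.ChainStatus.Select(s => s.StatusInformation.Trim())));

            // The flag above also tolerates partial chains and foreign roots, so pin the top element.
            var top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            if (!top.RawData.SequenceEqual(_root.RawData))
                throw new SecurityTokenValidationException("Chain does not end in the pinned root.");
        }
    }

    // Wires the validator into a WCF client's credentials; rootPath is a placeholder for the shipped root file.
    public static void Apply(ClientCredentials credentials, string rootPath)
    {
        var auth = credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PinnedRootValidator(new X509Certificate2(rootPath));
    }
}
```

Called as `PinnedRootValidator.Apply(Client.ClientCredentials, "FullPathToRootCertificate.cer")` before the first service call; the root file then needs the same integrity protection as the application binaries, since whoever can replace it controls what the client trusts.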