Issues with X509Store.Find FindByThumbprint certificates

I have a problem when I use the X509Store.Certificates.Find method:

    public static X509Certificate2 FromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, string findValue)
    {
        X509Store store = new X509Store(storeName, storeLocation);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            //findValue = "7a6fa503ab57b81d6318a51ca265e739a51ce660"
            var results = store.Certificates.Find(findType, findValue, true);
            return results[0];
        }
        finally
        {
            store.Close();
        }
    }

In this case, the Find method returns 0 results ( results.Count == 0 ), but if I put findValue as a constant, the method will find the certificate.

    public static X509Certificate2 FromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, string findValue)
    {
        X509Store store = new X509Store(storeName, storeLocation);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            //findValue= "7a6fa503ab57b81d6318a51ca265e739a51ce660"
            var results = store.Certificates.Find(findType, "7a6fa503ab57b81d6318a51ca265e739a51ce660", true);
            return results[0];
        }
        finally
        {
            store.Close();
        }
    }

+78
c# certificate ssl-certificate wcf x509certificate
Dec 09 '11 at 15:58
12 answers

I assume that you copied the thumbprint from the Windows Certificate Information dialog box into your code (or into the configuration file if this is a simplified example). It's annoying that the first character in the text field of the fingerprint is the invisible Unicode "left-to-right" control character. Try selecting the opening quote and the first character of the thumbprint, deleting them (which also removes the invisible character between them), and retyping them by hand.

Today I ran into this strange behavior myself, and it took me more than an hour to figure it out. I ended up finding it by using the debugger to check the lengths and hash codes of findValue and of the Thumbprint of the certificate object, which turned out to be different. This led me to check the character arrays of these strings in the debugger, where an invisible character was found.

+122
Feb 21 '12 at 18:09
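
The check described in the answer above (compare lengths, then inspect the individual characters) can be done in code. This is an added example, not code from any answer on this page: it reports each stray character by code point and normalizes strictly, so a mistyped value is rejected instead of being silently trimmed into a different search string. The names ThumbprintCheck, DescribeNonHex and Normalize are hypothetical, and the 40-digit length assumes a SHA-1 thumbprint.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text;

// Hypothetical helper, not from any answer on this page.
public static class ThumbprintCheck
{
    // Lists each non-hex character with its index, code point and Unicode category,
    // so an invisible character such as U+200E becomes visible.
    public static List<string> DescribeNonHex(string value)
    {
        var findings = new List<string>();
        for (int i = 0; i < value.Length; i++)
            if (!Uri.IsHexDigit(value[i]))
                findings.Add(string.Format("index {0}: U+{1:X4} ({2})", i, (int)value[i],
                    CharUnicodeInfo.GetUnicodeCategory(value[i])));
        return findings;
    }

    // Drops only whitespace and format (Cf) characters, rejects anything else that is
    // not a hex digit, and upper-cases to match X509Certificate2.Thumbprint.
    public static string Normalize(string value)
    {
        var sb = new StringBuilder(40);
        foreach (char c in value)
        {
            if (char.IsWhiteSpace(c) || CharUnicodeInfo.GetUnicodeCategory(c) == UnicodeCategory.Format)
                continue;
            if (!Uri.IsHexDigit(c))
                throw new FormatException(string.Format("Unexpected character U+{0:X4} in thumbprint.", (int)c));
            sb.Append(char.ToUpperInvariant(c));
        }
        if (sb.Length != 40) // assumption: SHA-1 thumbprint, 20 bytes = 40 hex digits
            throw new FormatException("Expected 40 hex digits, got " + sb.Length + ".");
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed input: the question's thumbprint with the leading U+200E and spaces.
        string pasted = "\u200E" + "7a 6f a5 03 ab 57 b8 1d 63 18 a5 1c a2 65 e7 39 a5 1c e6 60";
        foreach (string finding in DescribeNonHex(pasted.Replace(" ", "")))
            Console.WriteLine(finding);
        Console.WriteLine(Normalize(pasted));
    }
}
```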

I took some answers here and combined them into a static method that takes care of removing special characters and converting everything to uppercase. Hope someone else can use it.

    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using System.Text.RegularExpressions;

    public static X509Certificate2 GetCertificate(string thumbprint)
    {
        // strip any non-hexadecimal values and make uppercase
        thumbprint = Regex.Replace(thumbprint, @"[^\da-fA-F]", string.Empty).ToUpper();
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);

        try
        {
            store.Open(OpenFlags.ReadOnly);

            var certCollection = store.Certificates;
            // validOnly is false, so certificates that fail validation are returned too
            var signingCert = certCollection.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (signingCert.Count == 0)
            {
                throw new FileNotFoundException(string.Format("Cert with thumbprint: '{0}' not found in local machine cert store.", thumbprint));
            }

            return signingCert[0];
        }
        finally
        {
            store.Close();
        }
    }

+45
Jul 07 '14 at 19:25

I had the same problem and solved it:

  • I copied the fingerprint from mmc directly to VS. I compared the strings and did not find the difference.

  • Checking the length with hash.length, there was a difference of 41 versus 40.

An invisible char was added to the string by copying it from mmc.

Solution:

  • copy the fingerprint from mmc to Notepad.exe
  • copy this string again
  • paste it into your code

Works.

+22
Mar 20 '14 at 8:58

I became a victim of this. Not only was the Unicode "left-to-right" character added in the Windows console, but it also had lowercase hexadecimal characters with spaces between every two characters. CertUtil output also had lowercase characters and spaces. To get a match, I had to specify findValue as a string that was converted as follows:

  • Remove the leading special character,
  • Remove spaces between character clusters,
  • Change all characters to uppercase.
+8
Dec 11 '13 at 23:06

This also worked. I wrote this function to clean the fingerprint when copying and pasting from MMC:

    public string CleanThumbprint(string mmcThumbprint)
    {
        // replace spaces, non word chars and convert to uppercase
        return Regex.Replace(mmcThumbprint, @"\s|\W", "").ToUpper();
    }

    ...

    // the pasted value starts with the invisible U+200E character, written here as an escape
    var myThumbprint = CleanThumbprint("\u200Eb3 ab 84 e5 1e e5 e4 75 e7 a5 3e 27 8c 87 9d 2f 05 02 27 56");
    var myCertificate = certificates.Find(X509FindType.FindByThumbprint, myThumbprint, true)[0];

+8
May 24 '16 at 16:35

This code should work.

I suppose you copied this fingerprint from the certificate management console, and the copied value contains an unreadable Unicode character that is invisible in Visual Studio. Try removing the first invisible character; if it is what I think it is, it should work.

+2
Nov 02 '12 at 16:25

Replace the code to find your certificate in the repository, as shown below:

    var results = store.Certificates.Find(findType, findValue, true);

Also, the third parameter is a bool that makes Find return the certificate only if the certificate is valid. So make sure your certificate is valid. If you have a self-signed certificate or so, just pass "false" as the third parameter.

+1
Dec 09 '11 at 16:21

I came across the same thing. I could not find this answer anywhere here, so I will post it. It seems to me that the X509Store search function just doesn't work. I checked this with a simple loop and got the certificate manually.

    X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    X509Certificate cert = new X509Certificate();
    // walk the store and pick the certificate by serial number instead of calling Find
    for (int i = 0; i < store.Certificates.Count; i++)
    {
        if (store.Certificates[i].SerialNumber == "XXXX")
        {
            cert = store.Certificates[i];
        }
    }

+1
Jan 15 '14 at 17:49

    var results = store.Certificates.Find(findType, findType, true);

I think you mean that the second parameter should be "findValue".

0
Dec 09 2018-11-11T00:

Here is a simple version of the code for the suggestions above; of course, it works for me:

    private X509Certificate2 GetCertificate()
    {
        var certStore = new X509Store("my");
        certStore.Open(OpenFlags.ReadOnly);
        try
        {
            const string thumbprint = "18 33 fe 3a 67 d1 9e 0d f6 1e e5 d5 58 aa 8a 97 8c c4 d8 c3";
            // remove the spaces and convert to uppercase before searching
            var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint,
                Regex.Replace(thumbprint, @"\s+", "").ToUpper(), false);
            if (certCollection.Count > 0)
                return certCollection[0];
        }
        finally
        {
            certStore.Close();
        }
        return null;
    }

0
Feb 19 '16 at 1:19

I see this invisible Unicode char. Trying to use Notepad (Windows 10) somehow also did not help me. Finally, I used PowerShell to get a clean fingerprint:

    PS C:\> $tp = (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -match "mycert"}).Thumbprint
    PS C:\> $tp

So much for the Unicode char.

0
Jun 19 '17 at 9:42

To tell you what an invisible character is, I see a fingerprint in mmc: 75 3a ...

Then I copy and paste it into my vim, I see the following:

<200e> 75 3a ...

So, after you get rid of the first char "<200e>" and extra spaces, everything will be fine.

0
Sep 13 '17 at 21:04