X509Certificate.CreateFromCertFile - the specified network password is not correct

p.campbell picture p.campbell · May 22, 2009 · Viewed 55.9k times · Source

I have a .NET application that I want to use as a client to call an SSL SOAP web service. I have been supplied with a valid client certificate called foo.pfx. There is a password on the certificate itself.

I've located the certificate at the following location: C:\certs\foo.pfx

To call the web service, I need to attach the client certificate. Here's the code:

public X509Certificate GetCertificateFromDisk(){
    try{             

       string certPath = ConfigurationManager.AppSettings["MyCertPath"].ToString(); 
       //this evaluates to "c:\\certs\\foo.pfx". So far so good.

       X509Certificate myCert = X509Certificate.CreateFromCertFile(certPath);
       // exception is raised here! "The specified network password is not correct" 

       return cert;

     }
    catch (Exception ex){    
        throw;
     }
}

It sounds like the exception is around the .NET application trying to read the disk. The method CreateFromCertFile is a static method that should create a new instance of X509Certificate. The method isn't overridden, and has only one argument: the path.

When I inspect the Exception, I find this:

_COMPlusExceptionCode = -532459699
Source=mscorlib

Question: does anyone know what the cause of the exception "The specified network password is not correct" ?

Answer

p.campbell picture p.campbell · May 22, 2009

Turns out that I was trying to create a certificate from the .pfx instead of the .cer file.

Lesson learned...

  • .cer files are an X.509 certificate in binary form. They are DER encoded.
  • .pfx files are container files. Also DER encoded. They contain not only certificates, but also private keys in encrypted form.