Upon installation of a client side certificate, I am getting the exception "Object contains only the public half of a key pair. A private key must also be provided". My application is a VC#.NET application running over an ASP.NET platform. The application also uses WSE 2.0 to import certificates into making SOAP requests.
Upon research, I've found that this exception is of type System.Security.Cryptography.CryptographicException.
I am pretty positive all my WSE settings are configured correctly, since I was able to find a similar certificate by subject-distinguished-name. Any ideas will be greatly appreciated.
I was recently having the same problem. I found one explanation here that worked for me. Specifically, the permissions for the private key. The full info is copied below.
There are a couple things that I would look at first:
- Do you have a private key for this certificate?
- Have you given permission for youf application to access the private key?
You can establish whether you have a private key by viewing the certificate through the Windows Certificate Store. To get to this, follow these steps:
- From the Windows Start menu, select Run.
- Type mmc in the Open: field. Click OK
- Select "Add/Remove Snap-in" from the File menu.
- Click the Add button.
- Select "Certificates" from the list of Available Standalone Snap-ins. Click the Add button.
- Select "Computer account." Click Next.
- Select "Local Computer". Click Finish.
- Click Close.
- Click OK.
- Expand the Certificates node under the Console Root and open the Personal store.
- Double-click the Certificate you're using. If you have a private key, the dialog will display a message at the bottom that says "You have a private key that corresponds to this certificate".
If you have a private key, then ensure that your application has permission to access the key:
- Open Windows Explorer.
- Navigate to the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys folder.
- Select the files containing the keys that the WSE will need to retrieve.
- From the File menu, select Properties.
- On the Security tab, add the ASPNET account and select th e Full Control option.
- Notes: 1. Determining which key file in the MachineKeys folder is associated with a certificate can be difficult. One easy method is to note the creation date and time when creating a new certificate. When you view the files in the MachineKeys directory, check the Date Modified field for the corresponding date and time. 2. If you have configured your system to run under a different account than ASPNET, use that account when granting permissions to access the certificate.