According to the code, the API should return the last expired cert if there are multiple certs found by cert subject name. But it doesn't.
The machine has two certs installed.
But the API `CertificateLoader.LoadFromStoreCert(certSubjectName, StoreName.My.ToString(), StoreLocation.LocalMachine, false);` always returns this one: 028D50648D9514FC21E4322570A73522A0B1C83E. However, if I expand the LINQ expression into separate steps like this, it works fine.
```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Expanded version of the loader's LINQ chain; IsCertificateAllowedForServerAuth,
// DoesCertificateHaveAnAccessiblePrivateKey and config.Logger are the caller's own helpers.
private X509Certificate2 LoadFromStoreExpanded(string subject, string storeName, StoreLocation storeLocation, bool allowInvalid, object loggingContext)
{
    var store = new X509Store(storeName, storeLocation);
    X509Certificate2Collection storeCertificates;
    X509Certificate2 foundCertificate = null;
    try
    {
        store.Open(OpenFlags.ReadOnly);
        storeCertificates = store.Certificates;
        var certificates = storeCertificates.Find(X509FindType.FindBySubjectName, subject, !allowInvalid);
        this.config.Logger.LogInfo(loggingContext, $"Found {certificates.Count} certificates with subject {subject} in store {storeName}.");
        this.config.Logger.LogInfo(loggingContext, $"Found {string.Join(";", certificates.Select(c => c.Thumbprint).ToList())}.");
        var validCertificates = certificates.OfType<X509Certificate2>().Where(this.IsCertificateAllowedForServerAuth);
        this.config.Logger.LogInfo(loggingContext, $"Found valid {string.Join(";", validCertificates.Select(c => c.Thumbprint).ToList())}.");
        var certificatesWithAccessiblePrivateKey = validCertificates.Where(this.DoesCertificateHaveAnAccessiblePrivateKey);
        this.config.Logger.LogInfo(loggingContext, $"Found accessiable private key {string.Join(";", certificatesWithAccessiblePrivateKey.Select(c => c.Thumbprint).ToList())}.");
        // Longest-lived certificate first.
        var orderedCertificates = certificatesWithAccessiblePrivateKey.OrderByDescending(certificate => certificate.NotAfter);
        this.config.Logger.LogInfo(loggingContext, $"Found ordered {string.Join(";", orderedCertificates.Select(c => c.Thumbprint).ToList())}.");
        foreach (var certificate in orderedCertificates)
        {
            // Pick the first one if there's no exact match as a fallback to substring default.
            foundCertificate ??= certificate;
            if (certificate.GetNameInfo(X509NameType.SimpleName, forIssuer: false).Equals(subject, StringComparison.InvariantCultureIgnoreCase))
            {
                foundCertificate = certificate;
                break;
            }
        }
        if (foundCertificate == null)
        {
            throw new InvalidOperationException("No certificate found");
        }
        return foundCertificate;
    }
    finally
    {
        store.Close();
    }
}
```
Output logs:
Found 2 certificates with subject auth.exchangelabs.live-int.com in store My.
Found 548F7596B54D143AC4F87A7D2DCC4E73B071CE19;028D50648D9514FC21E4322570A73522A0B1C83E.
Found valid 548F7596B54D143AC4F87A7D2DCC4E73B071CE19;028D50648D9514FC21E4322570A73522A0B1C83E.
Found accessiable private key 548F7596B54D143AC4F87A7D2DCC4E73B071CE19;028D50648D9514FC21E4322570A73522A0B1C83E.
Found ordered 548F7596B54D143AC4F87A7D2DCC4E73B071CE19;028D50648D9514FC21E4322570A73522A0B1C83E.
Loaded cert 548F7596B54D143AC4F87A7D2DCC4E73B071CE19 by self codes
Loaded cert 028D50648D9514FC21E4322570A73522A0B1C83E by CertificateLoader
Unfortunately this happened only in our test environment but I can't reproduce this on my own dev machine.
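To check which certificate this selection order picks without touching a machine store, here is an added example (not the loader's or the poster's code) that builds constructed self-signed certificates in memory and runs the same ordering and exact-match rule. It assumes the semantics shown in the expanded code above, uses a substring filter on SimpleName as a stand-in for FindBySubjectName and HasPrivateKey as a stand-in for the private-key check, and all names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class CertSelectionDemo
{
    // Constructed in-memory self-signed cert (hypothetical name); nothing touches a store.
    static X509Certificate2 MakeCert(string cn, DateTimeOffset notAfter)
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest($"CN={cn}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        // serverAuth EKU (1.3.6.1.5.5.7.3.1), the usage a server-auth filter checks for.
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, critical: false));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), notAfter);
    }
    // Same order as the loader: substring candidates -> usable private key -> latest NotAfter
    // first -> exact SimpleName match wins, otherwise the first (longest-lived) candidate.
    public static X509Certificate2 Select(IEnumerable<X509Certificate2> candidates, string subject)
    {
        X509Certificate2 found = null;
        foreach (var certificate in candidates
            .Where(c => c.GetNameInfo(X509NameType.SimpleName, forIssuer: false)
                         .Contains(subject, StringComparison.OrdinalIgnoreCase)) // stand-in for FindBySubjectName
            .Where(c => c.HasPrivateKey)
            .OrderByDescending(c => c.NotAfter))
        {
            found ??= certificate; // fallback: first substring match
            if (certificate.GetNameInfo(X509NameType.SimpleName, forIssuer: false)
                .Equals(subject, StringComparison.InvariantCultureIgnoreCase))
            {
                found = certificate; // exact match takes precedence
                break;
            }
        }
        return found;
    }
    public static void Main()
    {
        const string subject = "auth.example.test";
        var exactSoon = MakeCert(subject, DateTimeOffset.UtcNow.AddMonths(6));
        var exactLater = MakeCert(subject, DateTimeOffset.UtcNow.AddYears(2));
        var substringLongest = MakeCert("old-" + subject, DateTimeOffset.UtcNow.AddYears(5));
        // Two exact matches: the later-expiring one wins.
        Console.WriteLine(ReferenceEquals(Select(new[] { exactSoon, exactLater }, subject), exactLater));
        // An exact match beats a longer-lived substring match.
        Console.WriteLine(ReferenceEquals(Select(new[] { substringLongest, exactSoon }, subject), exactSoon));
    }
}
```

Run it against the thumbprints from the logs above by swapping the constructed certificates for the two store entries to see which rule selected each one.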