So we now have a solution that works as expected. First we confirmed that the server was being synced with NTP Servers every 15 minutes; however, this did not solve our issue. Next we tried regenerating the x.509 certificate entirely over again and uploading to the Google 'Manage your Domains' tool; and this did not solve our issue either. After further x.509 research and some testing, I came across these 2 articles:
http://forums.asp.net/p/1190139/2332445.aspx (contains code solution)
http://www.chilkatsoft.com/p/p_309.asp (contains filepath and appropriate permissions instructions)

Thus, we modified our code as follows:

    using System.Configuration;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.Web;

    public AsymmetricAlgorithm GetRsaKey()
    {
        // Load the PFX and import its private key into the machine key store.
        X509Certificate2 cert = new X509Certificate2(
            HttpContext.Current.Server.MapPath(ConfigurationManager.AppSettings["GoogleX509_Path"]),
            ConfigurationManager.AppSettings["GoogleX509_Password"],
            X509KeyStorageFlags.MachineKeySet);

        //X509Certificate2 cert = new X509Certificate2(
        //    HttpContext.Current.Server.MapPath(ConfigurationManager.AppSettings["GoogleX509_Path"]),
        //    ConfigurationManager.AppSettings["GoogleX509_Password"]);

        RSACryptoServiceProvider privateKey = cert.PrivateKey as RSACryptoServiceProvider;
        return privateKey;
    }

NOTE: The commented section was what we had previously and in accordance with Google Health's examples. But we had to change it to accommodate the MachineKeySet flag.

Then we modified the permissions on the web server for folder C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys to be Modify, Read & Execute, List Folder Contents, Read, and Write for the IIS website's application pool identity user.

These 2 steps solved our issue with having sporadic x.509 issues/failures.

On Mar 24, 11:47 am, "Eric (Google)" <[email protected]> wrote:
> Hi,
>
> I haven't seen this before. You may want to relax and/or
> update the permissions to the key store. (e.g. you're running as
> administrator in your development machine, but not in prod).
>
> Also make sure the .pfx is readable by the web server (sounds like it
> is).
>
> Some relevant threads:
> http://social.msdn.microsoft.com/Forums/en-US/clr/thread/7ea48fd0-8d6...
> http://forums.asp.net/t/1183636.aspx
>
> Eric
>
> On Mar 23, 10:44 am, XMan82 <[email protected]> wrote:
> > I've been having some irregular issues with the x509 certificate.
> > Currently the implementation is working, but it seems unstable so far.
> > We generated the x509 certificate in both PEM (for Google) and PFX
> > (for us) formats as described in the Getting Started doc and that
> > worked perfectly in our test environment. We generated a different
> > x509 certificate the same way for our production environment, but when
> > we initially deployed with Google Health we received the following
> > error:
> >
> > System.Security.Cryptography.CryptographicException:
> > The system cannot find the file specified.
> >
> > Pertinent part of the Stack trace:
> > System.Web.HttpUnhandledException: Exception of type
> > 'System.Web.HttpUnhandledException' was thrown. --->
> > System.Security.Cryptography.CryptographicException: The system cannot
> > find the file specified.
> >
> > at
> > System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException
> > (Int32 hr)
> > at
> > System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile
> > (String fileName, IntPtr password, UInt32 dwFlags, Boolean
> > persistKeySet, SafeCertContextHandle& pCertCtx)
> >
> > We are using similar code from the .NET code sample for signed
> > requests: http://code.google.com/p/googlehealthsamples/source/browse/trunk/dotN...
> >
> > To resolve this, our Server team recommended that we re-copy and
> > overwrite the PFX certificate file to our production website again;
> > and this worked. It was assumed that the PFX file on the production
> > environment had become corrupted somehow and was not working. However,
> > the same error came up later last week and was only evident for about
> > 4 hours and then started working again. Our production environment is
> > locked down much more than our test environment, but we are still
> > unaware of the root cause. Any suggestions?

You received this message because you are subscribed to the Google Groups "Google Health Developers" group.
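An added diagnostic, not code from the thread or from Google's samples: it loads the PFX with the same MachineKeySet flag and reports which identity the process runs as, where the imported key file lands, and which SIDs hold rights on it, so the key-store permissions discussed above can be checked on the server. It assumes .NET Framework 4 or later on Windows; `PfxKeyDiagnostics`, `Describe`, `pfxPath` and `password` are hypothetical names.

```csharp
// Added example, not from the thread. Assumes .NET Framework on Windows.
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Text;

public static class PfxKeyDiagnostics   // hypothetical helper name
{
    // pfxPath and password are hypothetical parameters supplied by the caller.
    public static string Describe(string pfxPath, string password)
    {
        var report = new StringBuilder();
        // The identity that needs access is the process (app pool) identity.
        report.AppendLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        X509Certificate2 cert = null;
        try
        {
            // Same flag as in the thread: import the key into the machine key
            // store rather than the per-user store of the calling identity.
            cert = new X509Certificate2(pfxPath, password, X509KeyStorageFlags.MachineKeySet);
            report.AppendLine("HasPrivateKey: " + cert.HasPrivateKey);
            var rsa = cert.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null)
                return report.AppendLine("Private key is not a CryptoAPI RSA key.").ToString();
            CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
            report.AppendLine("MachineKeyStore: " + info.MachineKeyStore);
            // Machine RSA keys are files named after the unique container name.
            string keyFile = Path.Combine(
                Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
                @"Microsoft\Crypto\RSA\MachineKeys", info.UniqueKeyContainerName);
            report.AppendLine("Key file: " + keyFile);
            // List who holds which rights on the key file (SIDs, no name lookup).
            FileSecurity acl = File.GetAccessControl(keyFile);
            foreach (FileSystemAccessRule rule in acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
                report.AppendLine("  " + rule.IdentityReference.Value + " " + rule.AccessControlType + " " + rule.FileSystemRights);
        }
        catch (Exception ex)
        {
            // Import or ACL read failed; record the exception type and message.
            report.AppendLine(ex.GetType().Name + ": " + ex.Message);
        }
        finally
        {
            if (cert != null) cert.Reset();   // release the certificate and key handle
        }
        return report.ToString();
    }
}
```

Run it under the same application pool identity as the site; a report that ends in an exception line instead of an ACL listing shows which step that identity cannot perform.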
