I have a WiX project that uses the IIS extension to install a simple
x509 certificate. Here is my WiX snippet:

<Binary Id="BIN_MyCertificate.pfx"
        SourceFile="$(var.Binaries)\MyCertificate.pfx" />
<DirectoryRef Id="INSTALLLOCATION">
  <?define ComponentGuid = f128910b-318d-4b3f-96c3-f59610bbfce5 ?>
  <Component Id="CP_MyCertificate.pfx" Guid="$(var.ComponentGuid)"
             KeyPath="yes">
    <iis:Certificate Id="CERT_MyCertificate.pfx"
                     BinaryKey="BIN_MyCertificate.pfx"
                     Name="My Certificate"
                     Overwrite="yes"
                     PFXPassword="MyPassword"
                     Request="no"
                     StoreLocation="localMachine"
                     StoreName="personal" />
  </Component>
</DirectoryRef>

The certificate appears to install OK. I then use a custom action to
execute the winhttpcertcfg utility to adjust the permissions on this
certificate. That appears to work too. However, when I try to run a
WCF-based service (in IIS), I get the error below in the event log. If I
try running an install without having WiX do the certificate installation
(i.e. I manually install it), everything works OK. When WiX installs the
certificate, I can see the entry in the MMC console, but WCF won't use
it.
Am I missing something here, or is there a known bug concerning this
scenario?
Thanks, John
(Event log details below)
WebHost failed to process a request.
Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/18271112
Exception: System.ServiceModel.ServiceActivationException: The service '/SelectServer/Integration/v1/Registration.svc' cannot be activated due to an exception during compilation. The exception message is: The certificate 'CN=My Certificate' must have a private key that is capable of key exchange. The process must have access rights for the private key.. ---> System.ArgumentException: The certificate 'CN=My Certificate' must have a private key that is capable of key exchange. The process must have access rights for the private key. ---> System.Security.Cryptography.CryptographicException: Keyset does not exist
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters parameters)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   --- End of inner exception stack trace ---
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider()
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateTlsnegoServerX509TokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateTlsnegoSecurityTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, Boolean requireClientCertificate, SecurityTokenResolver& sctResolver)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, SecurityTokenResolver& outOfBandTokenResolver)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.SessionRenewSecurityTokenManager.CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, SecurityTokenResolver& outOfBandTokenResolver)
   at System.ServiceModel.Security.SymmetricSecurityProtocolFactory.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityProtocolFactory.Open(Boolean actAsInitiator, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenAuthenticator.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(SecurityTokenAuthenticator tokenAuthenticator, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
   --- End of inner exception stack trace ---
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
Process Name: w3wp
Process ID: 4000
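
One way to check the conditions the exception names (a private key is present, it is a key-exchange key, and its container can be opened and read), as an added example that is not part of the original post. It assumes Windows PowerShell 3.0 or later on .NET Framework, a CSP-backed RSA key, and an elevated prompt; the function name Get-CertKeyDiagnostics is hypothetical, and the subject name is the one shown in the event log.

```powershell
# Added diagnostic example (not from the original post).
# Assumptions: Windows PowerShell 3.0+ on .NET Framework, CSP-backed RSA key, run elevated.
function Get-CertKeyDiagnostics {
    param(
        [string]$Subject   = 'CN=My Certificate',  # subject from the event log
        [string]$StoreName = 'My',                 # the "personal" store
        [string]$Location  = 'LocalMachine'
    )
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $Location)
    $store.Open('ReadOnly')
    try {
        foreach ($cert in $store.Certificates) {
            if ($cert.Subject -ne $Subject) { continue }
            $row = [ordered]@{
                Thumbprint      = $cert.Thumbprint
                HasPrivateKey   = $cert.HasPrivateKey
                KeyOpenError    = $null   # e.g. "Keyset does not exist"
                KeyNumber       = $null   # Exchange or Signature
                MachineKeyStore = $null   # $false means a per-user key container
                KeyFile         = $null
                KeyFileAcl      = $null
            }
            if ($cert.HasPrivateKey) {
                try {
                    # Opening the key is the same step that fails in the stack trace
                    # (X509Certificate2.get_PrivateKey).
                    $info = $cert.PrivateKey.CspKeyContainerInfo
                    $row.KeyNumber       = $info.KeyNumber
                    $row.MachineKeyStore = $info.MachineKeyStore
                    if ($info.MachineKeyStore) {
                        # Machine RSA key containers are files under this directory.
                        $dir = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) 'Microsoft\Crypto\RSA\MachineKeys'
                        $row.KeyFile = Join-Path $dir $info.UniqueKeyContainerName
                        if (Test-Path $row.KeyFile) {
                            $row.KeyFileAcl = (Get-Acl $row.KeyFile).Access |
                                ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
                        }
                    }
                } catch {
                    $row.KeyOpenError = $_.Exception.GetBaseException().Message
                }
            }
            [pscustomobject]$row
        }
    } finally {
        $store.Close()
    }
}
Get-CertKeyDiagnostics | Format-List
```

Running it once after the WiX install and once after a manual import of the same PFX shows which of these fields differs between the two cases.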