/// <summary>
/// Builds the path of the PFX file for <paramref name="bindingName"/> on the
/// Centralized Certificate Store share: <c>CCSUncPath</c> (a trailing '/' is
/// appended if it is missing) followed by the name and the ".pfx" extension.
/// </summary>
/// <param name="bindingName">
/// File stem for the certificate. Assumed to be a plain binding/host name; a value
/// containing path separators would resolve outside <c>CCSUncPath</c> — confirm at callers.
/// </param>
/// <returns>The full path of the PFX file under <c>CCSUncPath</c>.</returns>
private string GetCCSPath(string bindingName)
{
    var root = CCSUncPath;
    if (!root.EndsWith("/"))
    {
        root += "/";
    }

    return string.Concat(root, bindingName, ".pfx");
}
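/// <summary>
/// Installs a PFX certificate for <paramref name="website"/>. When <c>UseCCS</c> is set the
/// certificate is re-exported and written to the Centralized Certificate Store share;
/// otherwise it is added to the local-machine X.509 store named by
/// <c>CertificateStoreName</c>. The site's HTTPS binding is then pointed at the new
/// certificate. Any certificate currently bound to the site is captured first so that
/// <c>HandleExceptionAndRollbackCertificate</c> can restore it if a later step fails.
/// </summary>
/// <param name="certificate">Raw PFX bytes.</param>
/// <param name="password">Password protecting <paramref name="certificate"/>.</param>
/// <param name="website">Site whose HTTPS binding receives the new certificate.</param>
/// <returns>
/// The <see cref="SSLCertificate"/> built from the imported certificate. It can be
/// <c>null</c> only if step 2 fails and <c>HandleExceptionAndRollbackCertificate</c>
/// returns instead of throwing — presumably it rethrows; confirm against that helper.
/// </returns>
public new SSLCertificate InstallPfx(byte[] certificate, string password, WebSite website)
{
    SSLCertificate newcert = null;
    SSLCertificate oldcert = null;

    // Capture the certificate currently bound to the site so rollback can restore it.
    if (CheckCertificate(website))
    {
        oldcert = GetCurrentSiteCertificate(website);
    }

    // Exportable is required: without it the key material cannot be re-exported as a PFX
    // for the CCS share. The same flags are used for the store path.
    const X509KeyStorageFlags storageFlags =
        X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet;

    X509Certificate2 x509Cert;
    var store = new X509Store(CertificateStoreName, StoreLocation.LocalMachine);

    if (UseCCS)
    {
        // Round-trip through an unprotected PFX so the copy written to the share can be
        // re-protected with the shared CCS password instead of the caller's password.
        x509Cert = new X509Certificate2(certificate, password, storageFlags);
        var certData = x509Cert.Export(X509ContentType.Pfx);
        var convertedCert = new X509Certificate2(certData, string.Empty, storageFlags);

        try
        {
            certData = convertedCert.Export(X509ContentType.Pfx, CCSCommonPassword);

            // File name on the share is derived from the certificate subject's simple name.
            // NOTE(review): a subject containing path separators would land outside
            // CCSUncPath — confirm where incoming certificates originate.
            var filename = GetCCSPath(x509Cert.GetNameInfo(X509NameType.SimpleName, false));

            // 'using' releases the file handle even when Write throws; previously the
            // writer was only closed on the success path, leaking the handle on failure.
            using (var writer = new BinaryWriter(File.Open(filename, FileMode.Create)))
            {
                writer.Write(certData);
                writer.Flush();
            }
        }
        catch (Exception ex)
        {
            Log.WriteError("SSLModuleService could not save certificate to Centralized Certificate Store", ex);
            throw;
        }
    }
    else
    {
        x509Cert = new X509Certificate2(certificate, password, storageFlags);

        // Step 1: register the certificate in the machine store, keeping the store open
        // for as short a time as possible.
        try
        {
            store.Open(OpenFlags.ReadWrite);
            store.Add(x509Cert);
        }
        catch (Exception ex)
        {
            Log.WriteError(string.Format("SSLModuleService could not import PFX into X509Store('{0}', '{1}')", store.Name, store.Location), ex);
            throw;
        }
        finally
        {
            store.Close();
        }
    }

    // Step 2: build the service-level certificate object from the X.509 certificate.
    try
    {
        newcert = GetSSLCertificateFromX509Certificate2(x509Cert);
    }
    catch (Exception ex)
    {
        HandleExceptionAndRollbackCertificate(store, x509Cert, null, website, "SSLModuleService could not instantiate a copy of new X.509 certificate.", ex);
    }

    // Step 3: remove the certificate currently bound to the site, if any.
    try
    {
        if (oldcert != null)
        {
            DeleteCertificate(oldcert, website);
        }
    }
    catch (Exception ex)
    {
        HandleExceptionAndRollbackCertificate(store, x509Cert, null, website, string.Format("SSLModuleService could not remove existing certificate from '{0}' web site.", website.Name), ex);
    }

    // Step 4: bind the new certificate to the site's HTTPS binding. oldcert is passed
    // here so the rollback helper can re-bind the previous certificate.
    try
    {
        AddBinding(x509Cert, website);
    }
    catch (Exception ex)
    {
        HandleExceptionAndRollbackCertificate(store, x509Cert, oldcert, website, string.Format("SSLModuleService could not add new X.509 certificate to '{0}' web site.", website.Name), ex);
    }

    return newcert;
}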