X509Certificate2: The specified network password ins not correct. Hosting only

by

I have a PFX file that’s currently installed in a DB table. The PFX file is password protected and that password is stored in the same DB in an encrypted state. Running the program on my machine and my test server works great, however, when I moved it to the VPS Service I got the error:

The specified network password is not correct.

Here’s the line of code that the error is being generated:

var CertCredentials = new CertificateCredentials(new X509Certificate2(CertStore.CertificateData, decryptedPassword, X509KeyStorageFlags.MachineKeySet));

What I’ve tried so far is changing the keystorageflags to try each parameter but to no success. Reading up online there seemed to be some issues with making the certificate in AES Encryption which is what I originally did:

openssl pkcs12 -export -inkey key.pem -in cert.pem -out key.pfx

I have therefore also changed the key in its entirety to use SHA1 Triple DES to see if it makes any difference:

openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -inkey key.pem -in cert.pem -out legacykey.pfx

Unfortunately, none of these have worked. I’ve got a job open with the VPS company, but I’m concerned that they’re going to say it’s not their problem.

  • The error says “The specified network password ins not correct”. I do not think this is the decryptedPassword. You are running from a different machine and not completing the connection. The code is going into the USER STORES. Make the code two lines instead of one and see which line is failing. I do not think you have permission to the stores.

    – 

  • Yes I think you’re right there. I know the decryptedPassword is correct as I’m able to use it from my test server and development computer perfectly fine. If I were to split it out into two lines what would you recommend I put? The decryptedPassword goes through a AES process before that line so I’m a little confused how to split it out. Thanks

    – 

  • var credentials = new X509Certificate2(CertStore.CertificateData, decryptedPassword, X509KeyStorageFlags.MachineKeySet); var CertCredentials = new CertificateCredentials(credentials);

    – 

  • Yeah, I tried that, forgot to add that to the post, I’ve been playing with this for a few days and tried quite a few things. The error was in the var credentials line. not the certCredentials one.

    – 




  • Is the certificate loaded in both the user and system certificate stores? See support.securly.com/hc/en-us/articles/…

    – 

Leave a Comment