
signer's certificate is not valid

I have programmed successfully with VB 4.0 for years and have recently started to "Update" myself with Visual Basic 2005.  I tried to build an application to distribute via CD.  I received the following error:

Error 2 SignTool reported an error 'Failed to sign bin\Release\Counting Stewards data entry.publish\\setup.exe. SignTool Error: ISignedCode::Sign returned error: 0x80880253

 The signer's certificate is not valid for signing.

SignTool Error: An error occurred while attempting to sign: bin\Release\Counting Stewards data entry.publish\\setup.exe


I am totally "out to lunch." I have no clue of what this is about and cannot find anything in my references which address it.  I have found no code on line that enlightens me.  Is there a simple explanation and/or fix?  Where can I learn more in order to avoid this in the future?

Thanks in advance for any help.


23 Answers Found


Answer 2

Thank you for your quick response.  I believe I understand.  The purpose of the signer's certificate  is to improve security for sending stuff over the internet.  Is this correct?  If it is, then this is more than I need.  I am not interested in sending applications or data over the internet.  All I want to do is create an application that I can install on  my church's computer so that the people who count Sunday's offering will have a tool to organize their work, which can be a complex and error-prone process.  Is there any way that I can do that?  Must I have a signer's certificate?

Answer 3

I modified the url in the setup.exe file clickonce creates and then tried to resign the file using the following command

 signtool sign /f TradingPlatform.pfx setup.exe

where TradingPlatform.pfx is a valid certificate  in the same directory as setup.exe.

 Here is my output

Done Adding Additional Store
SignTool Error: ISignedCode::Sign returned error: 0x80070057
        The parameter is incorrect.

If I use the signtool wizard I get the very informative error:

SignTool Error: An error occurred while signing: <>

If I try to sign the setup.exe file before I modify it, it works fine.  Does this mean you can not modify an already signed file and then resign it using this tool????


Answer 4

-In VB2005
-Go to the property of the Project
-Select the Signing tab
-Click 'create test certificate' button
- it will ask for new password 2 times and you have another 1 year extension!

Answer 5

I had the very same problem, your answer solved it. Thanks!!!

Answer 6


u solved my problem too

many thx!!!

one more question,

for the next expired date, i am supposed to do the same thing?

many thx




Answer 8

My problem is solved.

Thanks :)


Answer 9


Thank you very much. The official MS workaround to this issue involves creating a new C++ program to generate a new certificate (http://support.microsoft.com/kb/925521), I was sure there was a simpler way to do it!


Answer 10

That solved my problem too in C#.

Go to Signing (Properties>Signing)

Create test certificate.

and that's it.



Answer 11

THANKS so much!   Works also in VB 2008 for projects migrated from VB 2005.


Answer 12

Is it possible to just extend an existing certificate, or to make the certificate  last more than the year?

I ask because when a new certificate is created, all the users where the application is deployed will need to do a certain amount of work. (such as remove the old link and create the new link to the install url.)


Answer 13

Click the CREATE NEW SIGN, leave passwords blank...

No More sign required.


Answer 14

This really helped me too.




Answer 15

The Microsoft workaround allows you to keep your users' certificates valid.  (Otherwise all your users will have to authorize the "new" application...)

You can get an already compiled version at


Once you get the new certificate, don't forget to select the new file from Visual Studio's signature tab.  Visual Studio won't re-read it, even if the file has changed :-(


Answer 16

Where do I find this information for Visual Studio 2005 or VS 2008?

Answer 17

Great. it is working

Answer 18

Thanks a bunch. It solved the problem!

Answer 19

Resolved my problem.


Answer 20

It's the advice that keeps on giving!  thx

Answer 21

thanks a ton.

U solved my problem



Answer 22

Brilliant, it even worked in VS2008.






Answer 23

Thanks, it solved my problem at VS2005
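
The answers in this thread fix the error by creating a new test certificate once the old one has run past its one-year validity. As an added example (not code from the thread or from Microsoft), the C# console program below checks a certificate for expiry and, going beyond what the thread discusses, for a missing private key or a usage restriction that excludes code signing. The helper names and the three sample certificates are constructed for illustration, and `CertificateRequest` needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SigningCertCheck
{
    const string CodeSigningOid = "1.3.6.1.5.5.7.3.3"; // id-kp-codeSigning
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1";  // id-kp-serverAuth

    // Hypothetical helper: lists the reasons 'cert' cannot sign code at local time 'now'.
    // It does not build a trust chain, so an untrusted test certificate still passes.
    public static List<string> Problems(X509Certificate2 cert, DateTime now)
    {
        var problems = new List<string>();

        // NotBefore and NotAfter are exposed as local time.
        if (now < cert.NotBefore)
            problems.Add("not valid until " + cert.NotBefore.ToString("u"));
        if (now > cert.NotAfter)
            problems.Add("expired on " + cert.NotAfter.ToString("u"));
        if (!cert.HasPrivateKey)
            problems.Add("no private key is associated with the certificate");

        foreach (X509Extension ext in cert.Extensions)
        {
            // A certificate without an EKU extension is unrestricted; one with an
            // EKU extension must list Code Signing to be accepted for signing.
            var eku = ext as X509EnhancedKeyUsageExtension;
            if (eku != null)
            {
                bool codeSigning = false;
                foreach (Oid oid in eku.EnhancedKeyUsages)
                    if (oid.Value == CodeSigningOid) codeSigning = true;
                if (!codeSigning)
                    problems.Add("Enhanced Key Usage does not include Code Signing");
            }

            var ku = ext as X509KeyUsageExtension;
            if (ku != null && (ku.KeyUsages & X509KeyUsageFlags.DigitalSignature) == 0)
                problems.Add("Key Usage does not include DigitalSignature");
        }
        return problems;
    }

    // Builds a self-signed sample certificate in memory (constructed test input).
    static X509Certificate2 MakeSample(string cn, DateTimeOffset from, DateTimeOffset to, bool codeSigning)
    {
        RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + cn, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        var ekus = new OidCollection { new Oid(codeSigning ? CodeSigningOid : ServerAuthOid) };
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(ekus, false));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, false));
        return req.CreateSelfSigned(from, to);
    }

    static void Report(X509Certificate2 cert)
    {
        List<string> problems = Problems(cert, DateTime.Now);
        Console.WriteLine("{0}: {1}", cert.Subject,
            problems.Count == 0 ? "usable for signing" : string.Join("; ", problems));
    }

    static void Main(string[] args)
    {
        // Usage: SigningCertCheck.exe <file.pfx> <password> checks a real signing certificate.
        if (args.Length == 2)
        {
            Report(new X509Certificate2(args[0], args[1]));
            return;
        }

        // Without arguments, run against three constructed samples.
        DateTimeOffset now = DateTimeOffset.Now;
        Report(MakeSample("Expired test cert", now.AddYears(-2), now.AddYears(-1), true));
        Report(MakeSample("Wrong purpose", now.AddDays(-1), now.AddYears(1), false));
        Report(MakeSample("Current test cert", now.AddDays(-1), now.AddYears(1), true));
    }
}
```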







Is certificate Subject the content of certificate?

such as:

Subject DN = Subject Distinguished Name = the unique identifier for what this thing is. Includes information about the thing being certified, including common name, organization, organization unit, country codes, etc.

Subject Key = part (or all) of the certificate's private/public key pair. If it's coming from the certificate, it's the public key. If it's coming from a key store in a secure location, it's probably the private key. Either part of the key is the cryptographic data used by the thing that received the certificate.

Subject certificate - the end point for the transaction - this is the thing requesting some secure capability - like integrity checking, authentication, privacy, etc.

And what content of Subject is used for IKE V2?


I need to disable all purposes for a specific Root CA certificate due to some SSL chaining issues we're experiencing in our environment.  IE...  Go to "Edit Properties" on the details tab of an SSL certificate and select the "Disable all purposes for this certificate" radio button.  I'm assuming that the appropriate namespace to use would be System.Security.Cryptography.X509Certificates, but I cannot find any way to modify this specific setting programmatically.  Any help would be greatly appreciated.  If there's any way to do this using command line tools or any other means that would be appreciated as well...

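X509Store xStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
// The store has to be opened before its Certificates collection is populated.
xStore.Open(OpenFlags.ReadOnly);
X509Certificate2 xCert = xStore.Certificates.Find(X509FindType.FindBySerialNumber, "344ed55720d5edec49f42fce37db2b6d", false)[0];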


I am unable to understand the error that I'm getting

Error:Unable to find manifest signing certificate in the certificate store. 

Plz help me out...

Thanks in advance:)


I have a custom ClientCredentials Behavior. But during the call there's no SSL client certificate sent.

I am setting it like this:

System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine, System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.X509FindType.FindBySerialNumber,"2f"); echo.Endpoint.Behaviors.Remove(typeof(ClientCredentials)); echo.Endpoint.Behaviors.Add(new BinarySecurityTokenX509ClientCredentials());

During Call I see my behavior added but the -  ClientCertificate is null although SecurityToken GetTokenCore returns a certificate. What's wrong?

 Here's my SecurityTokenProvider:

using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;

public class BinarySecurityTokenX509ClientCredentials : ClientCredentials
{
    public override SecurityTokenManager CreateSecurityTokenManager()
    {
        // return custom security token manager
        return new MyUserNameSecurityTokenManager(this);
    }

    protected override ClientCredentials CloneCore()
    {
        return new BinarySecurityTokenX509ClientCredentials();
    }
}

public class MyUserNameSecurityTokenManager : ClientCredentialsSecurityTokenManager
{
    public BinarySecurityTokenX509ClientCredentials myUserNameClientCredentials;

    public MyUserNameSecurityTokenManager(BinarySecurityTokenX509ClientCredentials myUserNameClientCredentials)
        : base(myUserNameClientCredentials)
    {
        this.myUserNameClientCredentials = myUserNameClientCredentials;
    }

    public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
    {
        // if token requirement matches username token return custom username token provider
        // otherwise use base implementation
        if (tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate)
        {
            return new KKK();
        }

        return base.CreateSecurityTokenProvider(tokenRequirement);
        //throw new Exception("Unsupported tokenRequirement requested: " + tokenRequirement.TokenType);
    }
}

public class KKK : SecurityTokenProvider
{
    protected override SecurityToken GetTokenCore(TimeSpan timeout)
    {
        // Fetch the certificate from the STS and wrap it as an X.509 token.
        X509Certificate2 credentialCert = Program.getX509TokenFromSTS();
        return new X509SecurityToken(credentialCert);
    }
}




When my Azure worker role starts, I'd like to be able to take the certificate that I've added through the Windows Azure Portal and export it to a file on disk - that way I can use it with Java/Tomcat to enable SSL.

When I check the certificate store

X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
X509Certificate2Collection certificates = store.Certificates;

I find that there are two certificates CN=AzureSSL (the one I created) and CN=FullOSTransport (not sure what that is?)

Anyway, when I try to export my certificate

bytes = certificate.Export(X509ContentType.Pkcs12);

I get the following error
"Key not valid for use in specified state."

Interestingly the other certificate seems to work.

My guess is that my SSL certificate is not exportable and can only be used with .NET - Is that true? If so, is there any other way of reconstituting the PFX file on disk?

Any information gratefully received.

I attach my full code snippet below.




public static void ExportCertificates(string workingDirectory)
{
    Tracer.WriteLine(string.Format("Checking for Certificates {0} {1}", StoreName.My, StoreLocation.LocalMachine), "Information");

    X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);

    X509Certificate2Collection certificates = store.Certificates;

    Tracer.WriteLine(string.Format("Found {0} certificates", certificates.Count), "Information");

    foreach (X509Certificate2 certificate in certificates)
    {
        string filename = "unknown";
        byte[] bytes;

        try
        {
            if (certificate.HasPrivateKey)
            {
                // Export without a password argument writes the private key unprotected.
                bytes = certificate.Export(X509ContentType.Pkcs12);
                filename = certificate.SubjectName.Name + ".pfx";
            }
            else
            {
                bytes = certificate.Export(X509ContentType.Cert);
                filename = certificate.SubjectName.Name + ".cer";
            }

            Tracer.WriteLine(string.Format("Exporting certificate {0}", workingDirectory + filename), "Information");

            File.WriteAllBytes(workingDirectory + filename, bytes);
        }
        catch (Exception e)
        {
            Tracer.WriteLine(string.Format("Can't export {0} to {1} because {2}", certificate.SubjectName.Name,
                workingDirectory + filename, e.Message), "Error");
        }
    }

    foreach (X509Certificate2 certificate in certificates)
    {
        // loop body missing from the original post
    }
}



My company has provided me with a code signing certificate on a smart card whose private key is protected with a pin and is not exportable.  I can use "signtool" to sign the assembly with the smart card cert and I can "Sign the ClickOnce manifests" with the smart card cert as well.  In both cases, there is a straightforward option to choose a store certificate (the smart card cert is loaded into my personal store upon card insertion).  I am prompted for my pin when performing either action and the signing completes successfully.

Creating a strong name using the smart card cert seems to be a different story.  I can use

     sn -c [my smart card CSP]

which I know is effective because the key container name (blank in my case...is that a problem?) and the unique key container (a GUID) can be used as such

     sn -pc "[GUID or blank]" mytest.pub

and the error is "Failed to extract public key from key pair -- Key does not exist."

I said "effective" above because if I switch to my smart card CSP and then pass "sn -pc" something besides empty quotes or the correct GUID, I get the error "Failed to extract public key from key pair -- Keyset does not exist."  Notice the difference is "Key does not exist" vs. "Keyset does not exist."

I've tried appending the subject name of the certificate on the smart card in every way I can imagine such as

     sn -pc "[GUID]\[cert name]" mytest.pub
     sn -pc "[GUID]/[cert name]" mytest.pub
     sn -pc "[GUID]:[cert name]" mytest.pub
     sn -pc "[GUID],[cert name]" mytest.pub

but with no luck.  I've also tried specifying the key container name, subject name, and combinations in the assembly attribute AssemblyKeyName but I get the error "The key container name '[whatever I try]' does not exist."

This link (http://www.dotnetthis.com/Articles/SNandSmartCards.htm) seemed to be promising but if I can't use "sn -pc" to extract the "public portion of the key pair" (or whatever it's supposed to be doing), I'm obviously stuck.  I can export the "public key" from my smart card cert using the MMC certificate console but using that in the process described in the link above (specifying it in the assembly attribute AssemblyKeyFile) gives me a build error "Cryptographic failure while signing assembly '...' -- 'Bad Version of provider.'  What's the difference between the output of 'sn -pc' and my certificates public key?

Note: from stackoverflow: I think is better for system administrators.

I work in company with many servers and Pcs for developers. Servers are win2003, PC developers Windows XP.

In a server Win2003 named preiis01, in preproduction environment, other people in company install a client certificate using any other user (domainCompany\adminsystems) for logging in server preiis01.

Anyone admin uses the user "domainCompany\adminsystems" for log in server preiis01 (using Terminal Server, Remote Desktop for Windows XP).

the admin user is domainCompany\adminsystems", which installs certificate.

Admin user install it like this:

Session login like "domainCompany\adminsystems"
Certificate is PFX file. Do Install PFX and using Wizard. The key private not check for export.
Input the password and install.

There is an application Web which AppPool Identity is: NETWORK SERVICE account.

web server is IIS 6.0.

in preiis01,

That admin user executes mmc -> Snap in -> Certificates for Local Machine. In node -> Personal -> Certificates, he had seen the client certificate:


Issued By FNMT Clase 2 CA

In properties of certificate, the thumbprint: "93 bc a4 ad 58 c9 3c af 8b eb 0b 2f 86 c7 9d 81 70 a6 c4 13"

That admin user executes these commands:


Result is:

> Matching certificate:
> OU=703015476
> OU=FNMT Clase 2 CA
> C=ES
> Granting private key access for

Now, admin user executes this command:


The result is:

> Matching certificate:
> OU=703015476
> OU=FNMT Clase 2 CA
> C=ES
> Additional accounts and groups with
> access to the private key include: 
> domainCompany\adminsystems NT
> BUILTIN\Administrators NT

Now, in an aspx page in the web application on the Win2003 server, IIS 6.0, I have this code:

Note: the value of X509Certificate2.HasPrivateKeyAccess() is NO (false) for the "ENTIDAD COMPANY SEGUROS GENERALES SA - CIF A93 - NOMBRE SURNAME1 NAME1" certificate.

ASP.NET application executes using the identity :: NT AUTHORITY\NETWORK SERVICE

    lbInfo.Text += "<br/><br/>ASP.NET application executes using the identity :: <b>" + WindowsIdentity.GetCurrent().Name + "</b><br>";
    var store = new X509Store(StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
    Certificates = store.Certificates;
    repeater1.DataSource = Certificates;
    var nombreCertificado = "ENTIDAD COMPANY SEGUROS GENERALES SA - CIF A93 - NOMBRE SURNAME1 NAME1";
    store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    // The store has to be opened before Find can return anything.
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
    X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindBySubjectName, nombreCertificado, false);
    if (col.Count > 0)
    {
        X509Certificate2 certificate = col[0];
        Message.Text = "Certificado " + nombreCertificado + " encontrado en " + StoreLocation.LocalMachine;
        FirmarConCertificado(nombreCertificado, certificate);
    }
    else
    {
        Message.Text = "El certificado " + nombreCertificado + " no esta instalado en la máquina";
    }

    public void FirmarConCertificado(string nombreCertificado, X509Certificate2 certificate)
    {
        try
        {
            var mensaje = "Datos de prueba";
            System.Text.Encoding enc = System.Text.Encoding.Default;
            byte[] data = enc.GetBytes(mensaje);
            var contentInfo = new System.Security.Cryptography.Pkcs.ContentInfo(data);
            var signedCms = new System.Security.Cryptography.Pkcs.SignedCms(contentInfo, true);
            var cmsSigner = new System.Security.Cryptography.Pkcs.CmsSigner(certificate);
            //  Sign the CMS/PKCS #7 message
            signedCms.ComputeSignature(cmsSigner);
            //  Encode the CMS/PKCS #7 message
            var ret = Convert.ToBase64String(signedCms.Encode());
            Message.Text += "Firmado con Certificado " + nombreCertificado + " encontrado en " + StoreLocation.LocalMachine;
        }
        catch (Exception ex)
        {
            Message.Text = "Error al firmar con certificado: " + ex.ToString();
            Message.Text += "<br /><br />InnerException: " + ex.InnerException;
        }
    }

The code fails for me, and I get this error: Cannot find the certificate and private key for decryption.

Error line is:signedCms.ComputeSignature(cmsSigner);

> Error al firmar con certificado:
> System.Security.Cryptography.CryptographicException:
> Cannot find the certificate and
> private key for decryption.
> at
> System.Security.Cryptography.Pkcs.PkcsUtils.CreateSignerEncodeInfo(CmsSigner
> signer, Boolean silent) at
> System.Security.Cryptography.Pkcs.SignedCms.Sign(CmsSigner
> signer, Boolean silent) at
> System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner
> signer, Boolean silent) at
> System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner
> signer) at
> ASP.dgsfp_test_testcert_aspx.FirmarConCertificado(String
> nombreCertificado, X509Certificate2
> certificate) in
> c:\Reale\NSI\DGSFP\DGSFP\Test\TestCert.aspx:line
> 242


Then the admin user (the one who installed the certificate, remember) executes these commands:

> FindPrivateKey My LocalMachine -t "93
> bc a4 ad 58 c9 3c af 8b eb 0b 2f 86 c7
> 9d 81 70 a6 c4 13" –c   
> FindPrivateKey
> My LocalMachine -n "ENTIDAD COMPANY
> FindPrivateKey My LocalMachine -n
> –a

The result for all 3 commands is the same:

> FindPrivateKey helps user to find the
> location of the Private Key file of a
> X.50 9 Certificate.
> Usage: FindPrivateKey [{ {-n } | {-t }
> } [-f | -d | -a]]
>    <subjectName> subject name of the
> certificate
>    <thumbprint>  thumbprint of the
> certificate (use certmgr.exe to get
> it)
>    -f            output file name only
>    -d            output directory only
>    -a            output absolute file
> name e.g. FindPrivateKey My
> CurrentUser -n "CN=John Doe"
> e.g. FindPrivateKey My LocalMachine -t
> "03 33 98 63 d0 47 e7 48 71 33 62 64
> 76 5 c 4c 9d 42 1d 6b 52" -c

FindPrivateKey doesn't return anything, but winhttpcertcfg.exe -l works fine (matching certificate).

We have given privileges to the Network Service user using the winhttpcertcfg.exe tool, and in the ASP.NET code (executing under the Network Service account) the certificate is found. But it fails when signing using the certificate.

If someone could give us some information about this, or suggestions


I have the following .Net code for sign using client certificate.

I have client certificate stored under local computer and not the current user.

The client certificate  is pfx pkcs#12 and has private key

Imported private key are NOT marked as exportable.

my private key in client certificate protected  by password.

On the last line above, I get the error "Cannot find the certificate
and private key for decryption ".

It looks like the Private Key is not accessible when using my code.

Is there anyway for me to associate the private key to my client certificate ? Any suggestions ?


    public void FirmarConCertificado(string nombreCertificado, X509Certificate2 certificate)
    {
        try
        {
            var mensaje = "Datos de prueba";
            System.Text.Encoding enc = System.Text.Encoding.Default;
            byte[] data = enc.GetBytes(mensaje);
            var contentInfo = new System.Security.Cryptography.Pkcs.ContentInfo(data);
            var signedCms = new System.Security.Cryptography.Pkcs.SignedCms(contentInfo, true);
            var cmsSigner = new System.Security.Cryptography.Pkcs.CmsSigner(certificate);
            //  Sign the CMS/PKCS #7 message
            signedCms.ComputeSignature(cmsSigner);  // <<<<<<< FAILS HERE
            //  Encode the CMS/PKCS #7 message
            var ret = Convert.ToBase64String(signedCms.Encode());
            Message.Text += "Firmado con Certificado " + nombreCertificado + " encontrado en " + StoreLocation.LocalMachine;
        }
        catch (Exception ex)
        {
            Message.Text = "Error al firmar con certificado: " + ex.ToString();
            Message.Text += "<br /><br />InnerException: " + ex.InnerException;
        }
    }



Hi All,

I am facing a validation issue when the client sends the request to the server.

Signing without primary signature requires timestamp.

This issue is because of a missing timestamp. But I am sending the timestamp, only after the signature.

But I am sending the timestamp in my SOAP request. Please find my SOAP request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-D43334D6ACEBA3E32012719535506481"></wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">


<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>

<ds:Reference URI="#id-3">


<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>


<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>









<ds:KeyInfo Id="KeyId-D43334D6ACEBA3E32012719535506582">

<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-D43334D6ACEBA3E32012719535506683"><wsse:Reference URI="#CertId-D43334D6ACEBA3E32012719535506481" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference></wsse:SecurityTokenReference>



<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1"><wsu:Created>2010-04-22T16:25:50.638Z</wsu:Created><wsu:Expires>2010-04-22T16:30:50.638Z</wsu:Expires></wsu:Timestamp></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3"><mRequest xmlns="http://XXX.Sxxxes.com"><Input>003420837</Input></mRequest></soapenv:Body></soapenv:Envelope>

In the above, the timestamp is there in my request. Why am I getting the same error?

The above request is coming from a Java client. In a similar way my .NET client is also sending the request, and here it is working fine. The only difference is that the timestamp is at the top, above the binary signature token. (Through soapUI I also tested: if the signature is after the binary token I am getting the error, otherwise this is working fine.)

.Net Request (Working fine) :

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">


 <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

 <u:Timestamp u:Id="_0">




 <o:BinarySecurityToken u:Id="uuid-9e52ac15-201e-4b40-aab2-f237f42fdf56-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIDyzCCAzSgAXXXXXKVakH6AABAAAP3TANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQWV0bmEgSW5jLjEkMCIGA1UEAxMbQWV0bmEgSW5jLiBTZWN1cmUgU2VydmVyIENBMB4XDTEwMDMxMTE2MTQwMloXDTEyMDMxMDE2MTQwKBggrBgEFBQcDATAnBgNVHREEIDAeghxkYXRhZW5jcnlwdGlvbi5tZW1iZXJpYmEuY29tMA0GCSqGSIb3DQEBBQUAA4GBAHDleQnai+UC7yYiRg60fIqFREW/SwlpxK5/zGcykvpzboCguSHQhwusfgjdi5ySr5uSHlyRKBOomb9h/gr+5qkesXqOJ/dAR9fiSFF6z+/egMFUqsvUUw/4ZkS3345Y26YTqlxHeZ3ot1C7WC9XwA4Og8IbuNbvJBf0JiHPItif</o:BinarySecurityToken> 

 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">


 <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 

 <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 

 <Reference URI="#_0">


 <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 


 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 







 <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-9e52ac15-201e-4b40-aab2-f237f42fdf56-1" /> 







 <mRequest xmlns="http://XXX.Sxxxes.com">





so is it possible to handle this?











I am getting the below from the certificate which we installed for an HTTPS:// site

“Automatic certificate enrollment for local system failed to download certificates for ROOT store from ldap:///CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=XX,DC=XX,DC=XX?cACertificate?one?objectCategory=certificationAuthority (0x8007006e). The system cannot open the device or file specified.”

Now we no longer need to access this HTTPS:// site, so please let me know how I can remove the previously installed certificate from my SharePoint server.



I'm currently creating an X509Certificate2 certificate and installing that certificate into the current user's personal certificate store using a .NET program. This certificate installation process is initiated by a Windows service, and the Windows service runs with the current user's credentials. So the certificate gets installed into the personal certificate store of the user running the service.

Error Scenario:-

In Windows Server 2008,
The Windows Service is running with another user's credentials. (So the Certificate should install in to the Service running users personal certificate store).

But after login with a different user and when the certificate installation process is initiated by the windows service, following exception has been generated and certificate will not be installed.

Fail to install a certificate into its  respective certificate store.  ---> System.Security.Cryptography.CryptographicException: An internal error occurred.

   at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
   at Mcd.Rdm.Tools.ComponentInstaller.CertificateHandler.Execute(String[] args)
   --- End of inner exception stack trace ---

But the above mentioned process will be successfully completed without any issue on the Windows Server 2003, Windows Xp O/S.
Please provide any details if there is any security setting that we need to change in the Windows Server 2008 environment.



I have a question, as in the title.

I'm building WinCE 6 R3 with VS2005 and Platform Builder.

When I surf and connect to an https web site with IE6 in WinCE,

like http://mail.google.com or https://www.dropbox.com

a security alert dialog appears, for example,


"There is a problem with the site's security certificate.

The security certificate is from a trusted certifying authority.

The security certificate date is valid.

The name on the security certificate is invalid."


and when I view the certificate,

the friendly name is *.google-analytics.com

Something weird is the comment:

it says "The certificate is not valid. Make sure the time on your computer is correct."


But if the time were wrong, it should be an error in the first dialog.

So I have no idea about that...

Environment: VS2005 Trial edition and CE6 Platform Builder SP1.




I use TFS2010 and the MSF process template. While editing the Iteration Backlog.xlsm I get the following error:

Area, Iteration, Start Date, End Date is  set and Trend Start Date is left blank. Processing the cube on the sql server does not solve the issue.

The dates have the following format: dd-mm-yyyy.

I have looked at this post, but waiting the weekend over, did not  solve my issue ;-)


I hope you can help me.


Hi friends,

This is my final hope to clear this error. Due to this error I am unable to see the controls of my project, so I am unable to move to the next step. Here I am creating a tree structure which has Desktop, MyComputer etc.. 11 icons. When the tree pops up these icons are added dynamically. I kept these icons in a folder and I assign the image index with the code below. Due to these icons I am getting the following error.

Specified argument was out of the range of valid values. Parameter name: '0' is not a valid value for 'index'.

my code:



foreach (DriveInfo drv in DriveInfo.GetDrives())
{
    //add logos of the tree
    if (drv.DriveType == DriveType.CDRom)
        parentNode.Nodes[j++].ImageIndex = 2;
    else if (drv.DriveType == DriveType.Network)
        parentNode.Nodes[j++].ImageIndex = 8;
    else if (drv.DriveType == DriveType.Unknown)
        parentNode.Nodes[j++].ImageIndex = 9;
    else if (drv.DriveType == DriveType.Removable)
        parentNode.Nodes[j++].ImageIndex = 1;
    //add rem img index
    else if (drv.DriveType == DriveType.Fixed)
        parentNode.Nodes[j++].ImageIndex = 3;
    else if (drv.DriveType == DriveType.Ram)
        parentNode.Nodes[j++].ImageIndex = 3;
    //add ram img index
}


I am pleased to each and every one..please help me out.


thank you in advance..

Srinubabu g.



I'm using a struct for a model parameter. However Spec Explorer is giving me an error that the parameter type is invalid.

Error	1	Type of parameter 'message' in method 'Temp.SimpleMessageModel.SendMessage(Temp.Sample.Message)' is not valid.
You must use either a primitive type, struct, native type,or model type which has a binding to an implementation type.		

Temp.Sample.Message is indeed a struct.

namespace Temp.Sample
{
  public struct Message
  {
    string[] to;
    public string[] To
    {
      get { return to; }
      set { to = value; }
    }

    string from;
    public string From
    {
      get { return from; }
      set { from = value; }
    }

    string subject;
    public string Subject
    {
      get { return subject; }
      set { subject = value; }
    }

    string body;
    public string Body
    {
      get { return body; }
      set { body = value; }
    }
  }
}

Any ideas as to what may be confusing Spec Explorer?

I am developing a tool which will import a certificate into cert store. the certificate is self-sign. But before importing it, I want to know if it is a self-sign certificate.

I can't find a good solution by the following link from MSDN, and bing/google.

Can anyone give me some ideas?

Cryptography Functions



Platform: windows mobile 6.0 and windows CE 5.0/6.0

Language: C++


I have the case that a user should be able to select a stored X.509 certificate in his personal store. I know how to program this. My problem is that I don't know how to get a unique identifier for the selected certificate (off the X509Certificate2 instance).

The thumbprint should be unique, but this value is changed when the certificate is renewed. Somewhere I read that Microsoft recommends using the Subject Key Identifier (V3 extension) instead, but this value is not available on all certificates (even not on V3 certificates).

I know as well that I could use a certificate file instead if the related CA certificate is in a trusted store. But this may be problematic because the user needs to have the file (that may have been installed in the store by an administrator) and needs to know the password (if there is one).

So, how do I get a unique ID from an X509Certificate2 instance? Or am I completely wrong to read the certificate from the store?


Problems began when I received the MSDN Final VS 2005 v8.0.50727.42 and uninstalled the RC build which I had worked with without issue and replaced it with the previously mentioned.

After four or so installs/uninstalls I got past the Invalid license data. Reinstall is required. http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=162712&SiteID=1

I have tested C++ project builds for managed and unmanaged code and both work without a problem. My C# projects however fail to build, the error I get is:

------ Rebuild All started: Project: D And P, Configuration: Release Any CPU ------
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Common.targets(1718,7): error MSB3323: Unable to find manifest signing certificate in the certificate store.
Done building project "D And P.csproj" -- FAILED.
========== Rebuild All: 0 succeeded, 1 failed, 0 skipped ==========

If anyone has any idea of what a next step is please let me know.

Hi all,
I'm having a problem in my project, which is in VB.NET.
Actually I was developing a small piece of software to become familiar with Visual Basic .NET, as I had been coding with Visual Basic.
Everything was running very fine. The day before, I installed WinXP again (fresh installation), then simply VS 2005, without any error.
Now I'm able to open my project and I can edit it, but if I try to build the executable or compile, it gives a strange error.
Below is the error the IDE is giving:
Error 1 Unable to find manifest signing certificate in the certificate store. MDI_ES
Here I'm also posting a screenshot of the error on image hack, see that also for reference.

