Failed to send certificate after upgrading to latest windows phone 8.1

19

I have a Windows Phone app, built for 8.1, and one of the tasks was a client-server certificate scenario. My app worked fine: I could send the client certificate and log in to the server. However, after upgrading to Windows 8.10.14xxxx that was not possible. I took Wireshark traces and it seems that the certificate is never sent. The content length of the message is 0.

I use HttpClient.SendAsync (await) and HttpBaseProtocolFilter to enter the certificate. It worked perfectly before the upgrade.

Any idea? Is something broken?

First I am installing the pfx

async private void btnInstall_Click(object sender, RoutedEventArgs e)
{
    //Install the self signed client cert to the user certificate store

    string CACertificate = null;
    try
    {
        Uri uri = new Uri("ms-appx:///certificates/test.pfx");
        var file = await Windows.Storage.StorageFile.GetFileFromApplicationUriAsync(uri);
        IBuffer buffer = await FileIO.ReadBufferAsync(file);
        using (DataReader dataReader = DataReader.FromBuffer(buffer))
        {
            byte[] bytes = new byte[buffer.Length];
            dataReader.ReadBytes(bytes);
            // convert to Base64 for using with ImportPfx
            CACertificate = System.Convert.ToBase64String(bytes);
        }
        await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
            CACertificate,
            "xxxxx",
            ExportOption.Exportable,
            KeyProtectionLevel.NoConsent,
            InstallOptions.None,
            "ClientCert1");
    }
    catch (Exception ex)
    {
        // Import failures are swallowed here; ex is never inspected or logged
    }
}

Then I am calling the service

string serviceURL = "https://my.web.services";
Certificate cert = null;

CertificateQuery query = new CertificateQuery();
query.FriendlyName = "ClientCert1";
IReadOnlyCollection<Certificate> certs = await CertificateStores.FindAllAsync(query);

HttpBaseProtocolFilter bpf = new HttpBaseProtocolFilter();
//if you install the CA you don't need to ignore the ServerCertificate Errors
//bpf.IgnorableServerCertificateErrors.Add(ChainValidationResult.Untrusted);

if (certs.Count > 0)
{
    cert = certs.ElementAt(0);
    bpf.ClientCertificate = cert;
}

HttpClient httpClient = new HttpClient(bpf);
try
{

    var response = await httpClient.GetInputStreamAsync(new Uri(serviceURL));
    //take data
}
catch (Exception ex)
{
    // The request fails here with HRESULT 0x80072F0D
}

I am always getting an exception (0x80072F0D) when running on 8.10.14xxxx Windows Phone. My code worked before the update; now I always get this return code. The certificate is loaded in httpClient. When I stop the app with the debugger it seems that the certificate is there; however, the 0x80072F0D probably means that the certificate is not sent???

There is an intermediate certificate authority in the scenario. That certificate is included in the pfx. Do I need to install this somehow?

windows-phone-8.1
windows-phone
certificate
windows-10
windows-10-mobile
asked on Stack Overflow Aug 3, 2015 by cateof • edited Sep 21, 2015 by Mindsers

1 Answer

1

I am assuming that you have already put the client certificate in app certificate store. If not then do these:
1) Download the PFX file.
2) Install certificate in the App's certificate store by following

await CertificateEnrollmentManager.ImportPfxDataAsync(certString, "Your_PFX_Password", ExportOption.Exportable, KeyProtectionLevel.NoConsent, InstallOptions.None, friendlyName);

3) Check for the certificate in certificate store.

CertificateQuery certQuery = new CertificateQuery();
certQuery.FriendlyName = friendlyName;
IReadOnlyList<Certificate> certs = await CertificateStores.FindAllAsync(certQuery);

The certs[0] should have the certificate that you need.

4) Now, to attach the certificate to HTTP request

HttpBaseProtocolFilter protolFilter = new HttpBaseProtocolFilter();
protolFilter.ClientCertificate = certs[0]; // from previous step
HttpClient client = new HttpClient(protolFilter);

PS: You should not use System.Net.Http.HttpClient. Instead of that you should use Windows.Web.Http.HttpClient.

answered on Stack Overflow Sep 16, 2015 by DOTNET Team • edited Sep 16, 2015 by abligh
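
A diagnostic sketch for the lookup and request steps above, added here as an example and not code from the question or the answer. It checks that the stored certificate has its private key, validates its chain, and on failure reports the server certificate errors next to the HRESULT (0x80072F0D is the HRESULT form of WinINet's ERROR_INTERNET_INVALID_CA, 12045). `ClientCertDiagnostics` and `ProbeAsync` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;
using Windows.Web.Http;
using Windows.Web.Http.Filters;

public static class ClientCertDiagnostics // hypothetical helper, not part of any SDK
{
    public static async Task<string> ProbeAsync(Uri serviceUri, string friendlyName)
    {
        var query = new CertificateQuery { FriendlyName = friendlyName };
        IReadOnlyList<Certificate> certs = await CertificateStores.FindAllAsync(query);
        if (certs.Count == 0)
            return "No certificate with that friendly name in the app store.";

        Certificate cert = certs[0];
        // Without the private key the certificate cannot be used for client authentication.
        if (!cert.HasPrivateKey)
            return "Certificate found, but its private key was not imported.";

        // Validate the client certificate's own chain; an incomplete or untrusted chain shows up here.
        CertificateChain chain = await cert.BuildChainAsync(new List<Certificate>());
        ChainValidationResult clientChain = chain.Validate();
        Debug.WriteLine("Client chain: " + clientChain + ", issuer: " + cert.Issuer);

        var filter = new HttpBaseProtocolFilter { ClientCertificate = cert };
        using (var client = new HttpClient(filter))
        {
            var request = new HttpRequestMessage(HttpMethod.Get, serviceUri);
            try
            {
                HttpResponseMessage response = await client.SendRequestAsync(request);
                return "HTTP " + (int)response.StatusCode + ", client chain: " + clientChain;
            }
            catch (Exception ex)
            {
                // Server-side TLS problems are listed per request in TransportInformation.
                var errors = string.Join(", ", request.TransportInformation.ServerCertificateErrors);
                return string.Format("0x{0:X8}; server certificate errors: [{1}]; client chain: {2}",
                    ex.HResult, errors, clientChain);
            }
        }
    }
}
```

A non-empty server error list points at trust in the server's chain; an empty list with a failing client chain points at the imported PFX.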

User contributions licensed under CC BY-SA 3.0