Hi Marcello,

Honestly, I'm not really a Windows developer - when working on the patch,
the certificate system on Windows seemed to me incredibly chaotic -
especially compared to Java or to the Qpid C++ client on Linux :-(. I also
experienced some issues with finding the proper certificate store.

I would assume that if you run the service under user LocalSystem it has
its own "MY" store. So although it may have access to the "MY" store of the
other user, the store would need to be identified differently. I can try to
investigate it a bit more once I find some free time. In the meantime, you
can try to a) load the certificate into another store or b) make your
application search for the certificates in another store (there is a
connection option ssl-cert-store which can be used to point the application
to different stores).

Regards
Jakub


On Thu, Nov 8, 2012 at 12:48 PM, Marcello <[email protected]> wrote:

> Hi Jakub
>
> I would like to inform you that we applied the FIRST patch attached to JIRA
> QPID-3914, the file sel-client-authentication.patch. The client-side
> certificate authentication is now possible in many cases, but we continue
> to have some issues.
> (NB: We have not applied the second patch file
> ssl-client-auth-filecert.patch)
>
> The patch has been applied to the QPid C++ 0.18 source-code downloaded from
> the Apache website.
>
> I have registered my private certificate in the “My” system store either
> for the current user (the user logged onto the machine) or for the local
> machine, via the MMC console. Be sure that the certificate is good and it
> includes my private key.
>
> Our application is a .Net Windows service. To reference our certificate in
> our application we use this code sample: connection.SetOption("username",
> "<our account Id>");
>
> When I run the Windows service as the user for whom I registered the
> certificate, then the certificate is correctly loaded; instead, the
> certificate is not loaded when I run the service as the user “LocalSystem”
> (the default user we use to run our Windows services). The error
> "Impossible to find object or property" is then raised from the Qpid module
> when it calls the procedure CertFindCertificateInStore (this call exists
> since you applied the first patch attached to JIRA QPID-3914). I point out
> that the “My” store instead continues to be accessible.
>
> I used both the MMC console and the winhttpcertcfg.exe system tool in
> order to verify that the “LocalSystem” user has the rights to access my
> certificate. Afterwards both the MMC console and the winhttpcertcfg.exe
> tool confirm that THEORETICALLY the user “LocalSystem” has the rights to
> access the certificate.
>
> Do you have any suggestion to help me to solve this problem? Maybe I have
> to apply the second patch ssl-client-auth-filecert.patch attached to JIRA
> QPID-3914 and use in my service the certificate physical files instead of
> the certificates system store?
>
> Thank you in advance.
>
>
>
> --
> View this message in context:
> http://qpid.2158936.n2.nabble.com/QPid-0-18-C-C-client-side-certificate-authentication-QpidException-tp7583696p7584446.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
>
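
A diagnostic for the store-location question discussed in this thread, as an added example that is not part of the original messages or of Qpid: it lists which "My" store (CurrentUser or LocalMachine) holds a matching certificate for the account the script runs under. The subject fragment `example-client` is a hypothetical placeholder; run the script under the same account as the service so that CurrentUser resolves to that account.

```powershell
# Added example (not from the thread): show where a certificate is visible
# to the account that runs this script, and whether a private key is attached.
param(
    # Hypothetical placeholder: part of the certificate subject name to look for.
    [string]$SubjectFragment = 'example-client'
)

$x509     = 'System.Security.Cryptography.X509Certificates'
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$flags    = [Enum]::Parse("$x509.OpenFlags" -as [type], 'ReadOnly, OpenExistingOnly')

$results = foreach ($location in 'CurrentUser', 'LocalMachine') {
    $store = New-Object "$x509.X509Store" -ArgumentList 'My', $location
    try {
        $store.Open($flags)
        # validOnly = $false so expired or untrusted certificates are listed too
        $found = $store.Certificates.Find('FindBySubjectName', $SubjectFragment, $false)
        if ($found.Count -eq 0) {
            [pscustomobject]@{
                RunningAs = $identity; Location = $location
                Subject = '(no match)'; HasPrivateKey = $null; NotAfter = $null
            }
        }
        foreach ($cert in $found) {
            [pscustomobject]@{
                RunningAs = $identity; Location = $location
                Subject = $cert.Subject
                # True means a key is associated with the certificate; it does
                # not by itself prove this account is allowed to use the key.
                HasPrivateKey = $cert.HasPrivateKey
                NotAfter = $cert.NotAfter
            }
        }
    }
    catch {
        [pscustomobject]@{
            RunningAs = $identity; Location = $location
            Subject = "(open failed: $($_.Exception.Message))"
            HasPrivateKey = $null; NotAfter = $null
        }
    }
    finally {
        $store.Close()
    }
}

$results | Format-Table -AutoSize
```

Comparing the output from an interactive session with the output produced under the service account shows whether the two identities see the same certificate in the same store location.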
