I'm writing a Windows service that needs several certificates in the certificate store in order to connect to a third party web service.
On my installer I call a small application (C#) that creates a user to run the service as.
It works fine.
I now need to install about 10 certificates (don't ask!) into the users certificate store, but can't find any succinct programmatic way to do so.
Any hints? Or am I going to have to use COM interop...
Turns out you first need to impersonate the user.
Using the very nice library described in A small C# Class for impersonating a User, you can do the following:
using (new Impersonator("username", "", "password"))
{
    try
    {
        X509Store serviceRuntimeUserCertificateStore = new X509Store(StoreName.My);
        string baseDir = AppDomain.CurrentDomain.BaseDirectory;
        string certPath = Path.Combine(baseDir, certificateFolder);
        string certificateFile = "c:\\file.cert";
        string certificatePassword = "somePassword";
        string certificateLocation = certPath + "\\" + certificateFile;
        InstallCertificate(certificateLocation, certificatePassword);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }
}
private static void InstallCertificate(string certificatePath, string certificatePassword)
{
    try
    {
        var serviceRuntimeUserCertificateStore = new X509Store(StoreName.My);
        serviceRuntimeUserCertificateStore.Open(OpenFlags.ReadWrite);
        X509Certificate2 cert;
        try
        {
            cert = new X509Certificate2(certificatePath, certificatePassword);
        }
        catch(Exception ex)
        {
            Console.WriteLine("Failed to load certificate " + certificatePath);
            throw new DataException("Certificate appeared to load successfully but also seems to be null.", ex);
        }
        serviceRuntimeUserCertificateStore.Add(cert);
        serviceRuntimeUserCertificateStore.Close();
    }
    catch(Exception)
    {
        Console.WriteLine("Failed to install {0}.  Check the certificate index entry and verify the certificate file exists.", certificatePath);
    }
}
Please add your own exception handling. If you're adding multiple certificates keep the X509Store open for the duration for efficiency.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With