I know you say you checked this, but I had this (although not WiX created) last week. I would put money on the file permissions not being correct for the WCF/IIS user to access. The error I received was the same and using 'findprivatekey.exe' from the SDK helped me locate it on disk. As I'm in development I just set 'Everyone' to full access and it worked.
This particular part of the exception 'The process must have access rights for the private key.' makes me think that. Although it could have got put into the wrong container somehow (personal instead of computer level for instance).

Hope that helps

Ryan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Mensching
Sent: 29 July 2008 04:49
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Failure using Wix installer certificates with WCF

That's a new one on me. Certificates have proven to be no end of fun. I should have known this since they are part of the CryptoAPI and that API is one of the most cryptic around. Sorry, couldn't resist the pun. <grin/>

Anyway, something subtle is clearly different but I don't have any idea where to start looking. If you find a specific issue, it'd be great to file a bug against it. I'm going to start plowing through the certificate bugs soon.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Morris, John - Raleigh
Sent: Monday, July 28, 2008 11:59
To: wix-users@lists.sourceforge.net
Subject: [WiX-users] Failure using Wix installer certificates with WCF

I have a wix project that uses the IIS extension to install a simple x509 certificate. Here is my wix snippet:

<Binary Id="BIN_MyCertificate.pfx" SourceFile="$(var.Binaries)\MyCertificate.pfx" />
<DirectoryRef Id="INSTALLLOCATION">
  <?define ComponentGuid = f128910b-318d-4b3f-96c3-f59610bbfce5 ?>
  <Component Id="CP_MyCertificate.pfx" Guid="$(var.ComponentGuid)" KeyPath="yes">
    <iis:Certificate Id="CERT_MyCertificate.pfx"
                     BinaryKey="BIN_MyCertificate.pfx"
                     Name="My Certificate"
                     Overwrite="yes"
                     PFXPassword="MyPassword"
                     Request="no"
                     StoreLocation="localMachine"
                     StoreName="personal" />
  </Component>
</DirectoryRef>

The certificate appears to install ok. I then use a custom action to execute the winhttpcertcfg utility to adjust the permissions on this certificate.
That appears to work too. However, when I try to run a WCF based service (in IIS), I get the error below, in the event log. If I try running an install without having Wix do the certificate installation (i.e. I manually install it), everything works ok. When Wix installs the certificate, I can see the entry in the MMC console, but WCF won't use it.

Am I missing something here, or is there a known bug concerning this scenario?

Thanks,
John

(Event log details below)

WebHost failed to process a request.
 Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/18271112
 Exception: System.ServiceModel.ServiceActivationException: The service '/SelectServer/Integration/v1/Registration.svc' cannot be activated due to an exception during compilation. The exception message is: The certificate 'CN=My Certificate' must have a private key that is capable of key exchange. The process must have access rights for the private key..
 ---> System.ArgumentException: The certificate 'CN=My Certificate' must have a private key that is capable of key exchange. The process must have access rights for the private key.
 ---> System.Security.Cryptography.CryptographicException: Keyset does not exist
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters parameters)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   --- End of inner exception stack trace ---
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider()
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateTlsnegoServerX509TokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateTlsnegoSecurityTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, Boolean requireClientCertificate, SecurityTokenResolver& sctResolver)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, SecurityTokenResolver& outOfBandTokenResolver)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.SessionRenewSecurityTokenManager.CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, SecurityTokenResolver& outOfBandTokenResolver)
   at System.ServiceModel.Security.SymmetricSecurityProtocolFactory.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityProtocolFactory.Open(Boolean actAsInitiator, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenAuthenticator.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(SecurityTokenAuthenticator tokenAuthenticator, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
   --- End of inner exception stack trace ---
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
 Process Name: w3wp
 Process ID: 4000

_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
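
The private-key permission check suggested in the reply at the top of this thread, as an added PowerShell example (not code from any of the posters or from WiX): it locates the key file behind the LocalMachine\My certificate and reports whether one service account can read it. The account name, the -GrantRead switch and the CSP (non-CNG) key storage path are assumptions; the subject name is the one in the event log.

```powershell
# Added example; run elevated in Windows PowerShell. Values marked "assumption" are not from the thread.
param(
    [string]$Subject = 'CN=My Certificate',            # subject shown in the event log
    [string]$Account = 'NT AUTHORITY\NETWORK SERVICE', # assumption: identity of the w3wp worker
    [switch]$GrantRead                                 # report only unless this is set
)

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject } | Select-Object -First 1
if (-not $cert) { throw "No certificate with subject '$Subject' in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate is not associated with a private key' }

try {
    # The getter raises "Keyset does not exist" when the container is missing or unreadable
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
} catch {
    throw "Private key cannot be opened by the current user: $($_.Exception.Message)"
}
if (-not $container) { throw 'No CSP key container name (CNG keys are outside this example)' }

# Machine-level CSP keys are files in this directory; a per-user key will not be here
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path -LiteralPath $keyFile)) {
    throw "Key file $container not found in MachineKeys (wrong container level?)"
}

$acl = Get-Acl -LiteralPath $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Matches explicit entries for $Account only; access through group membership is not evaluated
$read = [System.Security.AccessControl.FileSystemRights]::Read
$hasRead = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}

if ($hasRead) {
    "OK: $Account has read access to $keyFile"
} elseif ($GrantRead) {
    # Grant read to the one service account rather than full control to Everyone
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyFile -AclObject $acl
    "Granted Read on $keyFile to $Account"
} else {
    "MISSING: $Account has no explicit read entry on $keyFile (re-run with -GrantRead)"
}
```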