bertjohnson/OpaqueMail

Failing generating certificate.

Closed this issue · 3 comments

When starting the service it fails with a COM exception (Windows Server 2012 R2 64bit):

[17-6-2016 16:05:31] 8b20419a-7842-4915-8e26-ed379cc0bfe3
WARNING No signing certificate found, so generating new certificate.
[17-6-2016 16:05:31] 8b20419a-7842-4915-8e26-ed379cc0bfe3
CRITICAL Exception when starting proxy: Unable to cast COM object of type 'System.__ComObject' to interface type 'CERTENROLLLib.CX509PrivateKey'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{728AB362-217D-11DA-B2A4-000E7BBB2B09}' failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE)).

Any ideas? Is this a bug or environmental?

Looks like this is related to a change that was introduced into Server 2008 R2, 2012, 2012 R2, and 2016. Microsoft added new methods to the CERTENROLLLib interface, so now we have to explicitly map which COM interface we want to use.

I'll try to update the certificate generation code to work on modern OSes, but don't have an estimate when it will be complete.

The first step is changing the following on line 109 of CertHelper.cs:

Old:

CX509PrivateKey privateKey = new CX509PrivateKey();

New:

IX509PrivateKey privateKey = (IX509PrivateKey)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509PrivateKey"));

If you have any luck, pull requests are welcome. Thanks.
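As an added example, not the project's CertHelper.cs (whose remaining lines are not on this page), here is the ProgID-plus-interface pattern from the comment above carried through the rest of a CERTENROLLLib self-signed certificate generation. It assumes a project reference to the CertEnroll interop assembly (namespace CERTENROLLLib), that the interop declares parameters with the coclass types (hence the casts), and administrative rights for the machine context; the class, method and helper names are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using CERTENROLLLib;

public static class SelfSignedCertExample
{
    // Create a CertEnroll object through its registered ProgID and cast to the interface we
    // program against, instead of new-ing the interop coclass that fails with E_NOINTERFACE.
    private static T FromProgId<T>(string progId) where T : class
    {
        return (T)Activator.CreateInstance(Type.GetTypeFromProgID(progId, throwOnError: true));
    }

    // Generate a self-signed certificate in the machine store (administrative rights needed)
    // and return it with an exportable private key so a service can use it for TLS.
    public static X509Certificate2 Generate(string subjectName, int validDays)
    {
        var privateKey = FromProgId<IX509PrivateKey>("X509Enrollment.CX509PrivateKey");
        privateKey.ProviderName = "Microsoft RSA SChannel Cryptographic Provider";
        privateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
        privateKey.Length = 2048;
        privateKey.MachineContext = true;
        privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;
        privateKey.Create();
        var name = FromProgId<IX500DistinguishedName>("X509Enrollment.CX500DistinguishedName");
        name.Encode("CN=" + subjectName, X500NameFlags.XCN_CERT_NAME_STR_NONE);
        // Ask for SHA-256 explicitly rather than relying on the provider's default digest.
        var hash = FromProgId<IObjectId>("X509Enrollment.CObjectId");
        hash.InitializeFromAlgorithmName(ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID,
            ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY, AlgorithmFlags.AlgorithmFlagsNone, "SHA256");
        var request = FromProgId<IX509CertificateRequestCertificate>(
            "X509Enrollment.CX509CertificateRequestCertificate");
        // The interop declares these parameters as coclass types (assumption), so cast the
        // ProgID-created objects; they support the interface the new-ed coclass did not.
        request.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine,
            (CX509PrivateKey)privateKey, "");
        request.Subject = (CX500DistinguishedName)name;
        request.Issuer = (CX500DistinguishedName)name;      // self-signed: issuer == subject
        request.NotBefore = DateTime.UtcNow.AddMinutes(-5);  // tolerate small clock skew
        request.NotAfter = DateTime.UtcNow.AddDays(validDays);
        request.HashAlgorithm = (CObjectId)hash;
        request.Encode();
        var enrollment = FromProgId<IX509Enrollment>("X509Enrollment.CX509Enrollment");
        enrollment.InitializeFromRequest((CX509CertificateRequest)request);
        string csr = enrollment.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
        enrollment.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedCertificate,
            csr, EncodingType.XCN_CRYPT_STRING_BASE64, "");
        string pfx = enrollment.CreatePFX("", PFXExportOptions.PFXExportChainWithRoot);
        return new X509Certificate2(Convert.FromBase64String(pfx), "",
            X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);
    }
}
```

Every CertEnroll object in the chain is created the same way, because the request, name and enrollment coclasses are subject to the same interop binding problem as the private key.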

I finally replaced the problematic CERTENROLLLib interface with BouncyCastle. As of release 2.4.0, self-signed certificate generation should be smoother and more portable. Thanks for the report.