The specified file could not be decrypted

mahdi666mahdi7 · August 8, 2020, 8:20pm

I try to call this function:

GenerateSSL("co name", "IT", "Stockholm", "Stockholm", "US", "email@gmail.com", "my-domain.com" , "pass word");

public static async Task GenerateSSL(
    string companyName,
    string organizationalUnit,
    string locality,
    string state,
    string countryCode,
    string email,
    string domain,
    string password)
        {
            IList< string> domains = new[] { domain };
         
            var acme = new AcmeContext(WellKnownServers.LetsEncryptStagingV2);
            var account = await acme.NewAccount("myemail@gmail.com", true);
            Console.WriteLine(acme.AccountKey.ToPem());
            // Save the account key for later use
            //var pemKey = acme.AccountKey.ToPem();


            var order = await acme.NewOrder(domains);
            var authorizations = await order.Authorizations();

            //get all of the authorizations
            foreach (var auths in authorizations)
            {
                var httpChallenge = await auths.Http();
                var dnsChallenge = await auths.Dns();
                var dnsTxt = acme.AccountKey.DnsTxt(httpChallenge.Token);

                //Set DNS settings
                Console.WriteLine(dnsTxt);
                var title = acme.AccountKey.DnsTxt(httpChallenge.Token);
                var keyAuthz = acme.AccountKey.KeyAuthorization(httpChallenge.KeyAuthz);
                string folder =
                    @"C:\wwwroot\my-domain.com\wwwroot\.well-known\acme-challenge\";
                File.WriteAllText(folder + httpChallenge.Token, httpChallenge.KeyAuthz);


                await httpChallenge.Validate();

                var resource = await auths.Resource();
                while (resource.Status != AuthorizationStatus.Valid)
                {
                    await Task.Delay(1000);
                    if (resource.Status == AuthorizationStatus.Invalid)
                    {
                        Console.WriteLine("Invalid!");
                        Console.ReadLine();
                        break;
                    }
                }
            }
            Console.WriteLine("valid!");

            //create the private key
            var privateKey = KeyFactory.NewKey(KeyAlgorithm.ES256);


            var csr = new CertificationRequestBuilder();

            string commonNames = string.Join(",", domains.Select(o => $"CN={o}"));
            string subject = $"C={countryCode}, ST={state}, L={locality}, O={companyName}, OU={organizationalUnit}, {commonNames}, emailAddress={email}\"";
            csr.AddName(subject);

            foreach (var dom in domains)
                csr.SubjectAlternativeNames.Add(dom);

            //get the cert(s)
            await order.Finalize(csr.Generate());

            var cert = await order.Download();
            var certPem = cert.ToPem();
            var pfxBuilder = cert.ToPfx(privateKey);
            var pfx = pfxBuilder.Build(domains.First(), password);
         
            System.IO.File.WriteAllBytes($@"C:\temp\cert\output1.pfx", pfx);

            // Assume 'site' is already set to your site via something like 
            // Site site = mgr.Sites.Add(siteName, directory, 443);

            X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

            // Here, directory is my install dir, and (directory)\bin\certificate.pfx is where the cert file is.
            // 1234 is the password to the certfile (exported from IIS)
            X509Certificate2 certificate = new X509Certificate2( @"C:\temp\cert\output1.pfx", "dsadsadsa");

            store.Add(certificate);
         
            Microsoft.Web.Administration.ServerManager iisManager = new Microsoft.Web.Administration.ServerManager();
            if (iisManager.Sites[domain] == null)
                return;
           
                iisManager.Sites[domain].Bindings.Add("*:443:", certificate.GetCertHash(), store.Name);
                iisManager.CommitChanges();
            
               

        }

I able to see "valid" result, but ".pfx" has problem. This error appears during using ".pfx" file:

The specified file could not be decrypted

Osiris · August 8, 2020, 8:39pm

Did you use the password when “using” the file? (Whatever “using” may be…)

Also, you’re not really giving us much information here. I have no idea what you’re doing with what kind of software.

mahdi666mahdi7 · August 8, 2020, 8:56pm

Upload whole class:
Program.txt (4.8 KB)

Osiris · August 8, 2020, 9:01pm

I’m sorry, but I still fail to see what you’re actually doing and where the error comes from. Did you write the class yourself? What libraries are you using? What are you trying to achieve?

Personally I’m no Windows programmer, but even if I was, I couldn’t help you by lack of information. I would expect someone asking for help to invest more into the problem. Explain more. Give more information. This to me looks like dumping the problem with as little as possible information onto a forum and hope someone helps me. For me, it doesn’t work like that. Therefore (and the fact I’m not a Windows programmer) I won’t reply any longer in this thread.

mahdi666mahdi7 · August 8, 2020, 9:07pm

I was using:

From past week, this code doesn’t work , error: Account creation on ACMEv1 is disabled

Then I find:

All I looking is a simple code to make ssl on iis with c# code.

danb35 · August 8, 2020, 9:38pm

Well, that's true. ACME v1 has long been deprecated, and ACME v2 has been out for well over two years at this point. If your client software/library doesn't support ACME v2, it's woefully undermaintained, and you should choose one that does.

mahdi666mahdi7 · August 8, 2020, 9:49pm

Is there any simple code of c# like:
Program.txt (4.8 KB)

or someone who can update this:

I able to pay with paypal

danb35 · August 8, 2020, 10:27pm

I’d probably start by looking here:

mahdi666mahdi7 · August 9, 2020, 8:45am

Even Your link(GetCert2 (simple GUI - .Net, C#, WPF, WCF)) doesn’t work

Osiris · August 9, 2020, 9:13am

That’s a whole different problem, not related to the “decryption issue” from your first post. With your latest attemt, Let’s Encrypt received a HTTP 500 Internal server error from the webserver when trying to authorize the challenge.

mahdi666mahdi7 · August 9, 2020, 10:12am

I was looking for a simple code,
I able to use “wacs.exe” and generate ssl but why those project you suggest doesn’t work It’s strange behavior. Wondering why there is no simple code for c#.

system · September 8, 2020, 10:12am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.