.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

restore certificate without private key

Posted By:      Posted Date: October 13, 2010    Points: 0   Category :Sql Server

Hi, this is a question both to fix the immediate issue, and gain some understanding of the security model.

As part of trying out transparent data encryption, I have backed up and restored a user database certificate on a different server without specifying a private key on either the backup or restore.

When I try to attach the encrypted database on the other server where I have restored the certificate, I get the error

" a key required by this operation appears to be corrupted "

I have checked that the certificate thumbprint matches on the source and destination servers.

So my question is - do I necessarily need to backup the certificate with a private key for this process to work? And if yes, then why is this so - what is the significance of the certificate's private key


View Complete Post

More Related Resource Links

Certificate API question - Private Key.

I am trying to follow http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx but I am finding that the Private Key property of the certificate is always null. I created the certificate with makecert -pe -n "CN=BuySeasonsThirdParty" -r -b 08/26/2010 -e 08/26/2011 -sky exchange Amazon.cer. Then installing it on the local user store using: X509Store store = new X509Store(storeName, StoreLocation.CurrentUser); and using the same API to get the certificate from the store. The certificate that I retrieve from the store is non-null it is just the PrivateKey is null. So I can encrypt using something like: ((RSACryptoServiceProvider)cert.PublicKey.Key).Encrypt(Encoding.Unicode.GetBytes(text), true)   But since the Private Key property is NULL I cannot decrypt. Any ideas? Kevin

Certificates: Cannot find the certificate and private key for decryption Error when sign

Note: from stackoverflow: I think is better for system administrators.

I work in company with many servers and Pcs for developers. Servers are win2003, PC developers Windows XP.

In a server Win2003 named preiis01, in preproduction environment, other people in company install a client certificate using any other user (domainCompany\adminsystems) for logging in server preiis01.

Anyone admin uses the user "domainCompany\adminsystems" for log in server preiis01 (using Terminal Server, Remote Desktop for Windows XP).

the admin user is domainCompany\adminsystems", which installs certificate.

Admin user install it like this:

Session login like "domainCompany\adminsystems"
Certificate is PFX file. Do Install PFX and using Wizard. The key private not check for export.
Input the password and install.

There is an application Web which AppPool Identity is: NETWORK SERVICE account.

web server is IIS 6.0.

in preiis01,

That admin user executes mmc -> Snap in -> Certificates for Local Machine. In no

SSL certificate question "The certificate ... must have a private key that is capable of key exchang


OK I'm cheating a bit, but I promise not to cross-post again!  I posted this to the DiscountASP.net forum, but since it does not get much traffic, and because this question might not be DiscountASP.net related, I'm reposting here.  Forgive me, but I have a sneaky suspicion this might not be as simple as a SSL certificate lacking a private key.

Any ideas what this might be?  I'll post any answers I get from DiscountASP.net here, just to complete the record for future reference.

One more thing:  I did not use the 'makecert' command, since this is a project where the WCF web service resides not on my localhost machine, but remote, at the DiscountASP servers.  They (the DASP people) set up the SSL certificate--I assume they did so properly.  All I did was import it from there, and stored it in the '/My' folder of where I use Visual Studio 2008.  In nearly all examples on the net, the tutorials assume you 'self-sign' your certificate with both the server and client residing locally, in the Visual Studio internal built-in server.  This is not the case here.  What I'm hoping is that it's a simple problem where the SSL certificate I bought does not include a private key--though it's pretty useless for programming purposes if it does not.  Googling this issue I see there are a few threads on this topic bu

File Permissions for Private Key/Certificate Exported from SQL 2008


As part of our new key management system for SQL server, we are backing up the Private Key and Certificate file to a UNC file path that has very restricted access to only Key and Certificate custodians.  When we execute the backup script, it works and puts the Certificate and Key files to the UNC path, but the files do not inherit NTFS permissions from the target path and our Key and Certificate Custodians do not have access to these files.  Is there a way to "force" these files to inherit permissions from their target folder structure?

Here is the SQL script used to generate our key pair:


  TO FILE = '\\UNCCertificatePath\CertificateFile.cert’

how to add Private key to certificate c# / or make a keystore




My webservice is developed in java/weblogic. My certs are gererated by a java program to many files (ClientCert.der,ClientCert.pem,ClientKey.der,ClientKey.pem)

how to add Private key to credential certificate in c#


when i do like this :



Ship.ShipService s = new
, "ClientKey"
, "ServerKey"
// Create a new policy.

Policy webServiceClientPolicy = new
// Specify that the policy uses the MutualCertificate11 turnkey security assertion.

webServiceClientPolicy.Assertions.  Add(new
// Ap

SQL Server Backup and Restore (video)

Restore your full backup, then run a few queries before you keep restoring transaction logs. Brent shows how to use the Standby option for restores.

In this five minute video, Brent demonstrates how to do it by creating a database, populating data, and then showing what disaster recovery is like by doing RESTORE WITH STANDBY.

Security: Protect Private Data with the Cryptography Namespaces of the .NET Framework


The .NET Framework includes a set of cryptographic services that extend the services provided by Windows through the Crypto API. In this article, the author explores the System.Security.Cryptography namespace and the programming model used to apply cryptographic transformations. He discusses reasons why cryptography is easier in .NET than it was before, including the easy programmatic acccess developers have to the cryptography APIs and the difference between symmetric and asymmetric algorithms. Along the way, a brief discussion of the most widely used algorithms, including RSA, DSA, Rijndael, SHA, and other hash algorithms, is provided.

Dan Fox

MSDN Magazine June 2002

Checkout/Chevk in issue in MOSS 2007 while connecting through VPN(virtual private network)


HI, I am using VPN connection . When I try modify a file and try to checkin the file in sharepoint document library it does not gets checked in. I get a message saying

"Unable to checkin the file, since File is being edited in Local Draft, please close the application or discard the checkout ".

Please do the needful....



sslstream client certificate validation error

Hi,I have taken server and client program from MSDN2 for sslstream. in that code client certifiacte authetication is made false  i want to enable that and do the code i have done some modification to the code but is giving error "RemoteCertificateNotAvailable" and i think that its not getting the client certificate at server side.So please can any one help me to do client server program using sslstream in which client certificate also needs to be validated.I am attaching my modified code of MSDN2Server sideusing System;using System.Collections;using System.Net;using System.Net.Sockets;using System.Net.Security;using System.Security.Authentication;using System.Text;using System.Security.Cryptography.X509Certificates;using System.IO;namespace Examples.System.Net{    public sealed class SslTcpServer     {        static X509Certificate serverCertificate = null;        // The certificate parameter specifies the name of the file         // containing the machine certificate.        // The following method is invoked by the RemoteCertificateValidationDelegate.        public static bool ValidateClientCertificate(              object sender,              X509Certificate certificate,              X509Chain chain,              SslPolicyErrors sslPolicyErrors)        {            SslPolicyErrors errors = sslPolicyErrors;            if (errors != SslPolicyErrors.None)            {

System.Messaging - Error accessing properties of remote private queues - "UnsupportedFormatNameExcep

I'm having some difficulty accessing private queues on a remote machine, but no trouble using remote public queues or private queues on a local machine. Calling: System.Messaging.MessageQueue.GetPrivateQueuesByMachine("machine"); ..succesfully returns the array of private queues on the remote machine.  However, trying to access nearly all of the properties on these MessageQueue objects returns: MessageQueueErrorCode: UnsupportedFormatNameOperation Message:"The specified format name does not support the requested operation. For example, a direct queue format name cannot be deleted." I have no trouble accessing queues created identically on the local machine using GetPrivateQueuesByMachine("."), plus accessing public queues using GetPublicQueuesByMachine("machine") also returns MessageQueue objects that are useable. The FormatName returned appears to be valid, as you would expect from queues retreived via GetPrivateQueuesByMachine().  e.g: FormatName:Direct=OS:machine\\private$\\example ..so I think the error message returned may be somewhat spurious. The permissions on the queues all appear to be set correctly.  I had even attempted allowing "Full Control" to "Everyone" on these queues as an experiment, with the same results. Any ideas for other things I might try? p.s. I am running Windows XP SP2, using .NET 2.

Certificate Signing Request Tool

Hi All, Currently there is a requirement in our application for creating a SSL Certificate Signing Request (CSR) message. Is it possible to develop one on .Net Framework 3.5 Some of the websites lilke Verisign do not mention any such procedure where they say that a custom tool is available apart from OpenSSL but they basically have provided a list all the webservers where their Digital Certificates are compatible and the instructions which say how the CSR's can be generated on these web servers.  I understand that the CSR contain the Web Server's public key, organization information and a unique match for server's private key. The certificates issued by the Certifying Authority  is used for Cient/Server authentication over TCP/IP. Look forward for some replies Thanks

Private Security Model Integration

Does anyone have any recommendations on tieing the Microsoft AS security model in with an independent security model. We are at the beginning process to discuss this with a very large international partner and are looking for recommendations form anyone who has done this before. Thanks in advance Alan

Restore - Cube Analysis Services 2005

Hi, I'm from Brazil. Sorry for my English. I made a backup for my cube that has more than 2 GB, but de backup is created with only 50 mb. The backup don't showed erro message. I restored this backup without erro, but when I tryed query the cube, i receive this message: The query could not be processed: o File system error: The following file is corrupted: Physical file: \\?\C:\SQL Server\MSSQL.2\OLAP\Data\teste.59.db\"Nome_Servidor" - "Nome_Database".190.cub\Fato Inadimplencia Safra Contrato.190.det\Fato Inadimplencia Safra Contrato.167.prt\172.fact.data. Logical file . Someone can help? I realy need make this backup.Fabrício França Lima | MCP, MCTS, MCITP | Visite meu site: http://fabriciodba.spaces.live.com/ | Dicas de artigos SQL: Siga-me no twitter @fabriciodba.

SMO Backup and Restore Help

Hello Friends, I am new to SMO, Till now I have only worked with Selct,Insert/update Queries.. Now I want to Implement some backup and restore feature for my application. I looked at some documents of SMO and found it is possible using SMO. First of all I will explain my situation. My application wants to store data belongs to different companies(which is maintained with in application) in to single database server, Sql server 2008. I am planning to use Partition Scheme function and create filegroup for each company. Advantage here is, taking backup of each company will be easy. I am generating primary key for each table without taking into consideration of companies. In other words Particular table's ID 1,2 belongs to Company A, 3 Belongs to Company B and 5 belongs to Company A... But these data will be split in to Different filegroups using Company ID.(horizontal partitioning) Ok... Now the Problem.. My backup for a particular company was taken successfully. Now I want Restore function. When I am trying to restore this backup to somewhere else. Target database may or may not contain Companies installed. When Restoring Will there be any Primary key Violation? I know one solution is to generate primary key by taking into consideration Company Id. But this will cause a complete rewriting of code, as it contains lot of edit/delete queries.  I want to know, whether the

attempting to restore to a new DB and it keeps trying to save the mdf file as the original mdf file

This is using SQL Server 2005. I've had several problems and this is where I've ended up. 1. Despite the claim that this will create a new DB it doesn't.  I was getting errors about the new DB not having the specified logical file name (despite the new DB not existing).  At the time I was specifying the logical file name as it appeared in the backup. 2. if I manually create the DB I still get the error as above unless I manually change the logical file name via sql management studio.  This is meant to be an automated solution so that is not accceptable. 3. I am now giving it the logical file name of the DB that I want to restore onto (if it doesn't exist I create it), but now it's trying to save the file with the old physical file name, which is absolutely *not* what I want. My instincts tell me I need to change the logical file name in the database I'm wanting to restore onto, but I don't know how to do this via SMO.  All of the explanations I've seen are through the SQL Management Studio and that is not acceptable as this needs to be an automated solution. I have copy/pasted the code from the msdn examples verbatim changing only the dbName and the .bak file location and it has consistently failed. Here is the code in it's current incarnation. var serverName = @"myServer"; var dbName = "MIQDesignTest3"; var backupFileN

SQL2008 - Cannot Restore a new database from a full backup of a different one, database in use

I am trying to restore a brand new database from a copy of another one and am encountering an error message stating: System.Data.SqlClient.SqlError: The file <Backup source database file location> cannot be overwritten.  It is being used by database <Backup Source Database>. (Microsoft.SqlServer.Smo) I am running the Restore procedure with the REPLACE option and am wondering why it is stating that the source database is the database in use when I am trying to restore and overwrite a completely different database. This issue happens when running the replace both in C# using SMO and when manually restoring with SqlServer Management Studio Interesting note is, the original source database is created / deployed using a database project within VisualStudios 2010 and then deployed to SqlServer through VisualStudios. Any thoughts on why this is happening? Thanks in advance for any help!
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend