Anyone have any idea why this call:
_httpsStream.AuthenticateAsServer(cert, _bWantClientCert, CONFIG.oAcceptedClientHTTPSProtocols, false);
Might occasionally fail thusly:
A call to SSPI failed, see inner exception. < The specified data could not be decrypted
The same call with the same certificate succeeded earlier during the process' lifetime; after it gets in the "bad" state, it will continue to occur until I use a new certificate. If I take the cert object's private key, I can successfully .Encrypt and .Decrypt data with it.
The clients in this case are all major browsers, so this definitely isn't the client's fault.
If I enable Crypto-NCrypt logging, I see the following in the event log:
Cryptographic Operation failed.
Anyone have any tips for debugging this?
Alexey What do you see in the CAPI2 log? Event Viewer\Applications And Services Logs\Microsoft\Windows\CAPI2\Operational?
Eric @ 18.104.22.168 No errors, although a bunch of operations on .CER files that were apparently generated within (C:\Users\lawrence\AppData\LocalLow\Microsoft\X509Objects) matching the self-generated certificates. Kinda odd to see them there, since those certs weren't generated via CAPI (used BouncyCastle).
Eric Oh, actually, those .CER Files correspond to those received from the upstream server, so they're not related to either the certs or private keys my code is generating...