Missing X509 Certificate in .NET Collection

Oh help. I’m in so far over my head on this one…

I’m a newbie to security and certificates. My task is to create a certificate (done), craft a .NET web service to sign it, and return XML (SAML, actually) that the caller will use to successfully sign in to the portal.

I’ve done enough homework on X509 to create a certificate with the pertinent details below (changed a bit to protect the innocent):

Version: V3
Subject: CN=ThirdParty_SSO, OU=My Division, O=Company, DC=xxxx
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Validity: [From: Fri Apr 30 15:48:23 PDT 2010,
To: Fri May 01 00:00:00 PDT 2020]
Issuer: CN=ThirdParty_SSO, OU=My Division, O=Company, DC=xxxx
SerialNumber: [ -5812aade 5e7d0844 bd6bb39b fd1dc53b]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
codeSigning
]

The cert is self-signed per request and is installed in root on the local machine, again per request.

I’m using the following .NET code to try and retrieve things:

X509Certificate2 cert = null;
X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection coll = store.Certificates.Find(X509FindType.FindBySubjectName, “ThirdParty_SSO”, true);
if (coll.Count < 1)
{
throw new SecurityException(“Unable to locate certificate”);
}

I put a for loop in the code to make sure I had the right store, and indeed I can see all the certificates in Trusted Root - except the ones I’ve created and installed!

I’ve tried a few things: using “CN=ThirdParty_SSO” as the find value didn’t work either. To test, I substituted a known value, “Microsoft Root Certification Authority” as my find value and it came up just fine. I changed the last param in Find to false to pull up any invalid certs and it still didn’t find mine.

I note the cert is version 3 and the X509 classes are 2 - this didn’t seem to hamper finding the external cert, but I wonder if that’s an issue.

I apologize for being totally lost on this. I inherited the code from a rough prototype which, as it turned out, only looked in the store if it didn’t find an external file. We’re now moving to put the cert in the server’s store, so this has become, um, rather important.

Any help that can be rendered would be most welcome.

Thanks

Jim Stanley
Blackboard Connect Inc.