System.Security.Cryptography.CryptographicException: Bad Data #2493
Comments
|
See #2386 - this is probably caused by a faulty Windows Update. |
|
I'm getting the same error on Windows Server 2022 when trying to create a new certificate. Win-acme version v2.2.6.1571 (x64, Release). |
|
I was experiencing this issue myself on a windows 2022 server that is used as a remote desktop gateway. (Build 20348.2113) |
|
Could use test with the setting UseNextGenerationCryptoApi? |
Setting this to true also works here's the original log vs with this setting enabled With the setting enabled |
|
I will consider making the NG option default, or at least an automatic fallback. |
|
Looked at the code but there's not really an explanation how the |
WouterTinus
changed the title
|
Potential fix: now using DER instead of BER encoding. |
|
Did any of you get the chance to test version 2.2.7 or 2.2.8? |
Changed one of my RDS 2022 servers over to version 2.2.8 and ran a renewal and all worked fine. Will run again on another one I know was a problem tomorrow. |
|
I am using Win-Acme 2.2.8 and I am trying to renew the certificate. [EROR] Internal error parsing certificate |
|
Still chasing down the exact cause of this... |
|
I've just tested 2.2.8 on the problem server today. All processed without issue. Wacs version is 2.2.8.1635 |
|
Wacs version is 2.2.8.1635 [EROR] Internal error parsing certificate |
|
@akintali: can you try build 1646 linked above? |
|
@WouterTinus :I have tried with the above build 1646 but still receiving the same error. |
|
Would you mind sharing the verbose log? That might offer some hints. |
|
[EROR] Internal error parsing certificate Please let me know if you need any other information. |
|
Don't you see the message "Internal error, retrying with different parameters..." in the log? It's supposed be before the part that you posted. |
|
[INFO] Downloading certificate Is this the message you were asking for? Please let me know if I am missing anything else |
|
Thanks, that's what I was looking for. Unfortunately, it doesn't solve our problem though. Two questions arise:
|
|
|
Would you mind giving Let's Encrypt a try? That would provide an important hint as to whether this issue is certificate related or machine related. |
|
Hi @WouterTinus we also have winacme version 2.2.8.1635 on a Windows 2019 server and retrieving the certificate from Let's Encrypt but we are also getting that same Bad Data error so it looks like it is not an issue related to the certificate. |
|
I have an experimental build here that might fix the "Bad Data" issues by using a whole new way of parsing the certificate data, feedback is welcome! https://ci.appveyor.com/project/WouterTinus/win-acme-s8t9q/builds/49620471/artifacts |
|
Hello @WouterTinus . |
|
Can you post the log output please? That might contain some hints |
|
Hello @WouterTinus. sorry for the delay in response. Please find the attached file that has the log. [DBUG] Logging at level Verbose [INFO] A simple Windows ACMEv2 client (WACS) [INFO] Connection OK! [VERB] Flag --keepexisting not present [VERB] Autofac: creating PluginFrontend scope with parent target [VERB] Constructing ACME protocol client... [DBUG] Loading signer from C:\ProgramData\win-acme\acme.enterprise.sectigo.com\Signer_v2 [VERB] Autofac: creating Split scope with parent PluginBackend [VERB] Autofac: creating Order scope with parent PluginBackend [VERB] [HTTP] Request completed with status OK [WARN] Using cache. To force a new order within 1 days, run with --nocache. Beware that you might run into rate limits. [VERB] [HTTP] Request completed with status OK [VERB] Associating private key [VERB] Parsing PEM data at range 3688..5033 [WARN] Internal error, retrying with different parameters... [VERB] Associating private key [VERB] Parsing PEM data at range 3688..5033 [EROR] Internal error parsing certificate [DBUG] certificate cache folder C:\ProgramData\win-acme\acme.enterprise.sectigo.com\Certificates. It will be reused when renewing within 1 day(s) as long as the --source and --csr parameters remain the same and the --force switch is not used. [EROR] Error requesting certificate |
|
Thanks, that stack trace is actually very useful because it hints at another possible cause for these issues, relating to the user profile instead of the certificate itself. Please try build 1674 for a possible resolution: https://ci.appveyor.com/project/WouterTinus/win-acme-s8t9q/builds/49817226/artifacts |
|
@WouterTinus |
|
This has been released in 2.2.9 |
I am using Win-Acme 2.2.6 and I am trying to renew the certificate on a windows load balancer server.
But I am reciving the following error while generating the certificate could someone please let me know how it can be fixed.
** System.Security.Cryptography.CryptographicException: Bad Data.
at System.Security.Cryptography.X509Certificates.StorePal.FromBlobOrFile(ReadOnlySpan
1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.Import(ReadOnlySpan1 rawData, ReadOnlySpan`1 password, X509KeyStorageFlags keyStorageFlags)at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.Import(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at PKISharp.WACS.Services.CertificateService.ParseCertificate(Byte[] bytes, String friendlyName, AsymmetricKeyParameter pk)
at PKISharp.WACS.Services.CertificateService.DownloadCertificate(AcmeOrderDetails order, String friendlyName, AsymmetricKeyParameter pk)
at PKISharp.WACS.Services.CertificateService.RequestCertificate(ICsrPlugin csrPlugin, Order order)
at PKISharp.WACS.OrderProcessor.GetFromServer(OrderContext context) **
The text was updated successfully, but these errors were encountered: