[Mono-dev] mozroots and personal certificates

Sebastien Pouliot sebastien.pouliot at gmail.com
Wed Oct 14 07:51:54 EDT 2009

On Wed, 2009-10-14 at 04:05 -0700, Claus Jørgensen wrote:
> Hi
> I can't seem to import my personal certificates using mozroots. Only
> the root certificates will be imported, anyone know why, and how to
> get around this?

mozroot exclusive usage is to download Mozilla root certificates (from
their source repository on the web) into your user (or machine) 'Trust'
store. All other imports/exports are done with certmgr

> Also I also tried to export a .pem file (DER), and import it using the
> X509Certificate2 class in
> System.Security.Cryptography.X509Certificates, 
> but it does not import the private key, even the pem file (which is
> plaintext) shows a RSA Private Key in the specific file.

This is not a format supported by the MS .NET framework. If you want to
load certificates/private keys then you need to use PKCS#12 files. 

Other options are:

* use the classes available inside Mono.Security.dll and decode the
PEM/PKCS8 files yourself;

* use OpenSSL client to convert the PEM/PKCS8 into a PKCS#12 file. IIRC
OpenSSL does not produce undefined-length ASN.1 output so it will be
should be loaded without problems.


More information about the Mono-devel-list mailing list