Certificate blues

Overview

Currently I am trying to figure out how we can implement the OIOSI/RASP Framework (OIO Service oriented Infrastructure/Reliable Asynchronous Secure Profile)

The framework supports reliable, secure e-business using open standards, including components for web service calls, non-repudiation, UDDI registries and a standardized subset of the UBL 2.0 business document profile. It is supported for .NET and Java.

Among other things I need to install various certificates for use with services such as IIS to handle encrypted messages, and this has given me some headaches as I haven't used them much until now.
Obviously the documentation takes the wrong path and is not very well written; haven't we seen that one before once or twice.

Googling around gave me some pieces of advice but not the full picture. By pure luck I found a topic at stackoverflow.com and some comments by Željko Tanovic, and I managed not only to solve but also to understand the problem.

The problem

I had two errors: "key does not exist", because IIS couldn't find the private key file, and "invalid handle", caused by missing user privileges.

The first mistake, being misled by the documentation, was to install in the personal store and move the certificate to the localmachine store; the private key was installed in the current user folder and was inaccessible to the IIS service accounts.
The second was missing user privileges, which was straightforward to fix as soon as the first problem was solved.

While troubleshooting you can use FindPrivateKey to get the current location of the private key file. FindPrivateKey is part of the Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF) Samples for .NET Framework 4.

You can add the arguments root LocalMachine -t "db e0 d9 a8 1f 2c a2 ed 05 c7 55 81 64 68 a6 72 fb 44 e4 0a" to the debug tab of the project properties, and the console in the debugger shows the path you need.
Please note that the documentation also gives you an extra -c at the end, but this additional parameter causes an if statement to fail and nothing is found.

Folder for private keys when the certificate is imported to the personal store:
C:\Documents and Settings\<user>\Application Data\Microsoft\Crypto\RSA

Folder for private keys when the certificate is imported to the localmachine store:
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

Solution: Import certificates

Steps when importing certificates which are used by services such as IIS:

  • Import certificate to the localmachine store (root / Trusted Root Certificate Authorities)
  • Check that the private key file is stored in the MachineKeys folder by using the FindPrivateKey tool
  • Set appropriate user privileges for your service accounts, e.g. ASPNET and the user account running the Application Pool
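
The last two checks can also be scripted. The following is an added example, not part of the original post: a PowerShell function (hypothetical name Test-CertPrivateKeyAccess) that reports whether the private key of a LocalMachine certificate really sits in the MachineKeys folder and whether a given account has read access to the key file. It assumes Windows PowerShell and a CSP-backed RSA key; the store name defaults to My.

```powershell
# Added example, not from the original post. The function name and parameters are
# hypothetical. Assumes Windows PowerShell and a CSP-backed (non-CNG) RSA key.
function Test-CertPrivateKeyAccess {
    param(
        [Parameter(Mandatory=$true)][string]$Thumbprint,  # spaces are tolerated
        [Parameter(Mandatory=$true)][string]$Account,     # service or app pool account
        [string]$StoreName = 'My'                         # store under LocalMachine
    )
    $tp   = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $cert = Get-ChildItem "Cert:\LocalMachine\$StoreName" |
            Where-Object { $_.Thumbprint -eq $tp } | Select-Object -First 1
    if (-not $cert) { throw "Certificate $tp not found in LocalMachine\$StoreName" }
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key attached' }

    # Reading PrivateKey fails when the key file is missing or unreadable for the
    # current user, which is the condition behind "key does not exist".
    try   { $info = $cert.PrivateKey.CspKeyContainerInfo }
    catch { throw "Private key could not be opened: $($_.Exception.Message)" }
    if (-not $info) { throw 'No CSP key container info (CNG key?)' }

    # Windows XP/2003 and Vista+ keep MachineKeys under different roots.
    $folders = @(
        "$env:ALLUSERSPROFILE\Application Data\Microsoft\Crypto\RSA\MachineKeys",
        "$env:ALLUSERSPROFILE\Microsoft\Crypto\RSA\MachineKeys"
    )
    $file = $folders | ForEach-Object { Join-Path $_ $info.UniqueKeyContainerName } |
            Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1

    $hasRead = $false
    if ($file) {
        # Compare by SID so that "DOMAIN\user" and "user" spellings both match.
        $sidType = [System.Security.Principal.SecurityIdentifier]
        $sid  = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType)
        $read = [System.Security.AccessControl.FileSystemRights]::Read
        $hasRead = [bool]((Get-Acl -LiteralPath $file).GetAccessRules($true, $true, $sidType) |
            Where-Object { $_.IdentityReference -eq $sid -and
                           $_.AccessControlType -eq 'Allow' -and
                           ($_.FileSystemRights -band $read) -eq $read })
    }
    # AccountHasRead covers ACEs naming the account itself, not group membership.
    New-Object PSObject -Property @{
        MachineKeyStore = $info.MachineKeyStore   # False: key sits in a user profile
        KeyFile         = $file                   # $null: not in MachineKeys
        AccountHasRead  = $hasRead
    }
}
# Example call (placeholder thumbprint; the account name is an example value):
# Test-CertPrivateKeyAccess -Thumbprint '<thumbprint>' -Account 'IIS AppPool\DefaultAppPool'
```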

Problem solved - well, at least I can see my webservice page in IE

Update! Instead of all the hassle of setting the access rights manually, you can also use the Windows HTTP Services Certificate Configuration Tool (WinHttpCertCfg.exe)
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19801

Command line:

C:\Program Files (x86)\Windows Resource Kits\Tools>winhttpcertcfg -g -c LOCAL_MACHINE\My -s MyWebSite -a DefaultAppPool

VMware Player - Virtual Network Editor

The Virtual Network Editor (vmnetcfg.exe) is not extracted during the installation, and it is really needed if you want to mess around with the virtual network settings on the host OS.
This is a problem if you have different network adapters installed, e.g. Bluetooth, WiFi, Hamachi etc.

Extract cab files

You can extract all files from the installation by using the option /e followed by a destination folder

C:\Download\vmware>VMware-player-3.1.3-324285.exe /e .\extract

Change to the subfolder and find the file network.cab, open it in e.g. IZArc and extract vmnetcfg.exe to the VMware Player installation folder. You can also create a shortcut in your list of program files if needed.

Expand your vmware disks

I have used VMware Workstation and Viewer for testing, development, deployment and maintenance for quite a few years. A great product for this.

From time to time I have needed to expand the disks on a virtual machine because they were almost out of free space. With VMware it's quite easy to do using the free standalone Converter.

With VMware vCenter Converter you can take copies of your virtual machine and change the disk size during the process.

There are a few steps where you need to pay attention; otherwise the process is straightforward

  • Select source
  • Let the converter read the configuration
  • Choose destination
  • And alter the options a little ...

The converter suggests "Copy all disks and maintain layout"; change this to "Select volumes to copy" and you can set a new disk size for each disk.

Type the new disk size in GB and watch while the converter does all the hard work, or go and grab a cup of coffee while you're waiting

Installing BlogEngine RC 2.0

It's fairly straightforward to install BlogEngine: just follow the instructions in the readme files and you're fine. Remember to set file permissions on the app_data folder, its files and sub folders etc.

If you're running in a hosted environment you might encounter an error: "unable to generate a temporary class". After some poking around on the internet I found that the XmlSerializer just might be the cause of the error, and I also found a quick and easy fix.

The ASP.NET Windows user probably does not have the proper rights to create files in the Windows temp folder. The solution is to point the XmlSerializer to another folder for storing files/classes on the fly

Change temp folder

In the web.config I added this section

<system.xml.serialization>
    <xmlSerializer tempFilesLocation="d:\websites\blognet.web\app_data\temp"/>
</system.xml.serialization>

Obviously "d:\websites\blognet.web\app_data\temp" should reflect the correct path to your installation of BE.
The property Request.PhysicalApplicationPath should give you a fairly good idea.
NB! My installation has a different path too :)

All credit for this solution goes to http://www.hanselman.com/blog/changingwhere%20xmlserializeroutputstemporaryassemblies.aspx