So I'm trying to open a connection to Postgres using C# and Npgsql. Our system rules require sslmode to be VerifyFull. There's an example in another language that I'm trying to copy - basically it sets the Root Certificate to a given file.
So I take the file and try to do the same thing - but it fails - and when I dig into the code, Npgsql calls `X509Certificate2.CreateFromPemFile`.
If I try to load up my certificate with `X509Certificate2.CreateFromPem( File.ReadAllText( file ))`, it works fine.
If I try to load up my certificate with `X509Certificate2.CreateFromPemFile( file )`, it doesn't work, and that's because underneath, it calls `CreateFromPem( text, text)` where text is read from the file, and my certificate doesn't have a key.
So to summarise:
- that certificate is working to that database with code in another language
- the SSL root certificate shouldn't need a key
- but it seems impossible for `NpgsqlConnection` to load a certificate that doesn't have a key
- and I don't have a key
The error message is:
"The key contents do not contain a PEM, the content is malformed, or the key does not match the certificate."
Is there any way to fix this?
For more details - if I write the following test:
```csharp
var certificateFileName = @"C:\temp\blah.pem";
//var decoded2 = X509Certificate2.CreateFromPemFile(certificateFileName);
var contents = File.ReadAllText(certificateFileName);
var decoded = X509Certificate2.CreateFromPem( contents, null);
Assert.False( decoded.HasPrivateKey);
// Re-export the certificate only (no key) and write it back out as PEM.
var bytes = decoded.Export(X509ContentType.Cert);
File.WriteAllBytes(@"C:\temp\blah2.pem", Encoding.UTF8.GetBytes( new string(PemEncoding.Write("CERTIFICATE", bytes))));
// Loading the key-less PEM from the file path is the call that fails.
var decoded3 = X509Certificate2.CreateFromPemFile(@"C:\temp\blah2.pem");
```
It throws an exception on the last line with any certificate I try. It works fine if the certificate has a key.
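One way to keep `VerifyFull` while loading a key-less root certificate, as an added example that is not part of the original post: read the PEM with the single-argument `CreateFromPem` the post reports as working, and hand the resulting object to Npgsql instead of a file path. It assumes Npgsql 7.0 or later (for `NpgsqlDataSourceBuilder.UseRootCertificate`); the host, user and database in the connection string are placeholders, and `TrustAnchor.Load` is a hypothetical helper name.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Npgsql;

static class TrustAnchor
{
    // Hypothetical helper: loads a trust anchor from a PEM file that holds
    // only a CERTIFICATE block. No private key is read or required.
    public static X509Certificate2 Load(string pemPath)
    {
        // Single-argument overload: parses the certificate and never looks for a key.
        var cert = X509Certificate2.CreateFromPem(File.ReadAllText(pemPath));

        // Refuse an expired or not-yet-valid anchor before it is used for verification.
        var now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter)
            throw new InvalidOperationException(
                $"Root certificate {cert.Subject} is outside its validity period.");

        return cert;
    }
}

static class Program
{
    static void Main()
    {
        // Path taken from the post; connection values are placeholders.
        var rootCa = TrustAnchor.Load(@"C:\temp\blah.pem");

        var builder = new NpgsqlDataSourceBuilder(
            "Host=db.example.internal;Username=app;Database=appdb;SSL Mode=VerifyFull");

        // Supply the parsed certificate directly, so no file-path PEM loader is involved.
        builder.UseRootCertificate(rootCa);

        using var dataSource = builder.Build();
        using var conn = dataSource.OpenConnection();
        Console.WriteLine($"Connected with server version {conn.PostgreSqlVersion}");
    }
}
```

Chain and host name verification still happen under `VerifyFull`; only the way the trust anchor is loaded changes.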