Installation/Execution issues

Sep 5, 2008 at 7:07 PM
I was very excited to find this console app.  I downloaded the source today and tried to run it (My dev box is running .NET 2.0 and I installed Web Service Enhancements 3.0).  Before running it I installed my Amazon certificate following the instructions on the Home tab.  From there I set the value of "awsCertificate" to my certificate search string value and set "keypairsDirectory" to the directory that contains my cert and pk.

Unfortunately the app crashes with a Cryptographic Exception on Ec2ConsoleForm.ProcessMessage with the message ""Object contains only the public half of a key pair. A private key must also be provided."  This happens whether I'm running the precompiled app or compiling my copy of the source.  I went looking for bug reports or any discussions on this app and found none.

Any ideas of what could be happening?  I know the certificate is valid because we've been using it for some S3 apps.  My certificate file was in the format "cert-{IDENTIFIER}.pem" before renaming it with the ".crt" extension.  I would have guessed that a tool would be needed to convert that to a .crt file but I followed the instructions and simply renamed it.  Looking forward to a response.  It's a great concept for an app and I'm looking forward to using it.


Sep 5, 2008 at 8:31 PM

Make sure that when you're installing the certificate into your local store that you mark the private key as exportable.  If this isn't done, only the public key is accessible to the app, which explains the error message that you encountered.  Please let me know whether or not this solves your problem.

Sep 10, 2008 at 1:39 AM
Thank you, Luke.  Turns out my PK was not exportable.  Anyway I generated a new certificate from my AWS dashboard and used openssl to generate a good .p12 file.  I then imported the new certificate (with marked exportable private key) into my local store.  So far, so good.

In the Settings.settings file I have the value of my certificate's Subject Key Identifier assigned to awsCertificate (I modded the AmazonX509Assertion constructor to search by X509FindType.FindBySubjectKeyIdentifier).  I wasn't sure what to use for the value of keypairsDirectory so I used the directory where my .p12 file is located.

What's strange is when I step through the AmazonX509Assertion constructor, the value for awsCertificate (which it reads from the Settings) is the Subject Name of the *original* certificate that I had trouble with, even though that certificate no longer exists in any of my certificate stores.  Executing with that value of awsCertificate caused the same exception I originally wrote to you about, so I hardcoded the value to the Subject Key Identifier of my new certificate.

Now when I start the app, a SoapException is thrown with the message "AWS was not able to validate the provided access credentials" at Ec2Service.DescribeImages.

Maybe I missed a subtle detail somewhere?  Any help is appreciated.