I'm currently running IIS on my server using an app instantiating certificates.
By doing this code, for instance :
X509Certificate2 myX509Certificate = new
X509Certificate2(Convert.FromBase64String(byteArrayRawCertificate), passwordCertificate,
X509KeyStorageFlags.Exportable |
X509KeyStorageFlags.MachineKeySet |
X509KeyStorageFlags.PersistKeySet);
The code works fine. But I encounter a problem on my computer, on the following folder :
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
3KB RSA files keep on being added on that folder. For now, I have more than a million files like those ones :
I would like to delete those files, but :
Deleting such a large folder can take time (like days)
Thanks in advance for your help.
There is some work for you. At first, you *MUST NOT* instantiate X509Certificate2
object from PFX file each time you need to access it. It is very BAD idea. This causes a new key file generated in the MachineKeys folder. Instead, you have to install the certificate to local certificate store once and then reference installed certificate.
Use X509Store.Add()
method to install certficate to local store:
X509Certificate2 myX509Certificate = new
X509Certificate2(Convert.FromBase64String(byteArrayRawCertificate), passwordCertificate,
X509KeyStorageFlags.MachineKeySet);
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(myX509Certificate);
store.Close()
Next time you need to access your certificate and private key, use same X509Store
class as follows:
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2 myCert = store.Certificates.Find(blablabla);
store.Close()
Instead of "blablabla
", specify search filter: X509Certificate2Collection.Find()
. You can use various filter options to locate your certificate. Most common used is by thumbprint.
Regarding large folder. If you are sure that there are no other certificates in the LocalMachine\My store, you can simply purge all contents and then install your certificate by using the code above.