PRB: X509Certificate Supports Only DER-Encoded Certificates

Disclaimer for retired Knowledge Base content

This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

This article refers to the following Microsoft .NET Framework Class Library namespaces:
  • System.IO
  • System.Security.Cryptography.X509Certificates
  • System.Text


When you use the System.Security.Cryptography.X509Certificates.X509Certificate class, you may receive the following error message:
Input data cannot be coded as a valid certificate.
This problem occurs if one of the following conditions is true:
  • You use the X509Certificate constructor and pass an array of bytes that are read from a Base64-encoded X.509 (.cer) file to the X509Certificate constructor. -or-

  • You use the X509Certificate.CreateFromCertFile method and pass in the path to a Base64-encoded X.509 (.cer) file.


This problem occurs because the X509Certificate class only supports binary X.509 (.cer) certificates that are encoded in Distinguished Encoding Rules (DER).


If the certificate is Base64-encoded, follow these steps to resolve this problem:
  1. Remove the following strings from the certificate data:

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  2. Decode the Base64 certificate data. For example, the following Visual C# sample code decodes Base64 certificate data:
    using System;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    namespace ReadBase64Cert
    {
        public class ReadBase64Cert
        {
            public ReadBase64Cert()
            {
            }

            public static void Main(string[] args)
            {
                if (args.Length < 1)
                {
                    Console.WriteLine("Usage: Base64EncodedFile (.cer)\n");
                    return;
                }

                // args[0] - Base64Encoded .cer file

                // Open the certificate, and read it into a byte array.
                FileStream certFile = new FileStream(args[0],
                    FileMode.Open, FileAccess.Read);
                int size = (int)certFile.Length;
                byte[] certBytes = new byte[size];
                size = certFile.Read(certBytes, 0, size);
                certFile.Close();

                // Remove the unnecessary characters.
                String certString = Encoding.ASCII.GetString(certBytes);
                StringBuilder sb = new StringBuilder(certString);
                sb.Replace("-----BEGIN CERTIFICATE-----", "");
                sb.Replace("-----END CERTIFICATE-----", "");

                // Decode the bytes from base64 to raw bytes.
                certBytes = Convert.FromBase64String(sb.ToString());
                X509Certificate cert = new X509Certificate(certBytes);
            }
        }
    }
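
The steps above assume the input is known to be Base64 text. The following is an added example, not code from the original article or from the .NET Framework: a hypothetical CertLoader helper that goes beyond the steps above by accepting either encoding and checking that the outer ASN.1 SEQUENCE length matches the data size before the bytes reach the X509Certificate constructor. It assumes the file holds exactly one certificate, and it uses File.ReadAllBytes and the Subject property, which require .NET Framework 2.0 or later.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Hypothetical helper; the class and method names are illustrative assumptions.
public static class CertLoader
{
    const string Begin = "-----BEGIN CERTIFICATE-----";
    const string End = "-----END CERTIFICATE-----";

    public static void Main(string[] args) { Console.WriteLine(Load(args[0]).Subject); }
    public static X509Certificate Load(string path) { return new X509Certificate(ToDer(File.ReadAllBytes(path))); }

    // Returns DER bytes whether the input is already DER or is Base64 text.
    public static byte[] ToDer(byte[] data)
    {
        if (data == null || data.Length == 0) throw new ArgumentException("Empty certificate data.");
        byte[] der = data;
        string text = Encoding.ASCII.GetString(data);
        int b = text.IndexOf(Begin, StringComparison.Ordinal);
        if (b >= 0)
        {   // Base64 with header and footer lines: decode only what lies between them.
            int start = b + Begin.Length;
            int e = text.IndexOf(End, start, StringComparison.Ordinal);
            if (e < 0) throw new FormatException("Missing END CERTIFICATE line.");
            der = Convert.FromBase64String(text.Substring(start, e - start));
        }
        else if (data[0] != 0x30)
        {   // No ASN.1 SEQUENCE tag, so assume Base64 without the marker lines.
            der = Convert.FromBase64String(text.Trim());
        }
        // Check the outer SEQUENCE length so truncated files and trailing bytes are rejected.
        if (der.Length < 2 || der[0] != 0x30) throw new FormatException("Not a DER SEQUENCE.");
        int header = 2;
        long len = der[1];
        if (der[1] >= 0x80)
        {   // Long form: the low 7 bits give the number of length bytes that follow.
            int n = der[1] & 0x7F;
            if (n == 0 || n > 4 || der.Length < 2 + n) throw new FormatException("Bad DER length field.");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | der[2 + i];
            header = 2 + n;
        }
        if (header + len != der.Length) throw new FormatException("DER length does not match data size.");
        return der;
    }
}
```

A Base64-encoded certificate always begins with the character M, because the DER SEQUENCE tag 0x30 encodes to it, so a first byte of 0x30 reliably identifies binary DER input.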


This behavior is by design.

Article ID: 318217 - Last reviewed: Oct 20, 2003 - Revision: 1