The GDS Client uses a Certificate Signing Request (CSR) when a new CA signed Certificate is requested from the GDS and an older cert exists.
The CSR can be executed however applying the existing private key to the new Certificate fails when the old Certificates private Key is not exportable. This is the case e.g. for many certs in the Windows X509 Certificate Store.
With this fix the GDS Client uses a KeyPair Request instead of a Certificate Signing Request to request a new CA signed Cert from the GDS, when the private key of the existing cert is not exportable.
Related Issues
Fixes #606
Types of changes
[x] Bugfix (non-breaking change which fixes an issue)
[ ] Enhancement (non-breaking change which adds functionality)
[ ] Test enhancement (non-breaking change to increase test coverage)
[ ] Breaking change (fix or feature that would cause existing functionality to not work as expected, requires version increase of Nuget packages)
[ ] Documentation Update (if none of the other choices apply)
Proposed changes
The GDS Client uses a Certificate Signing Request (CSR) when a new CA signed Certificate is requested from the GDS and an older cert exists.
The CSR can be executed however applying the existing private key to the new Certificate fails when the old Certificates private Key is not exportable. This is the case e.g. for many certs in the Windows X509 Certificate Store.
With this fix the GDS Client uses a KeyPair Request instead of a Certificate Signing Request to request a new CA signed Cert from the GDS, when the private key of the existing cert is not exportable.
Related Issues
Types of changes
Checklist
Further comments