Description
Agent tries to get a certificate that is installed by Server over MDM. After Agent was retargeted to .NET Core, it is unable to read the certificate created by the .NET Framework version of Server.
Reproduction Steps
I'm unable to provide repro steps because the certificate is installed by Windows MDM.
Expected behavior
.NET Core version of Agent should be able to retrieve the private key even if it is both persisted and ephemeral.
Actual behavior
The retargeted Agent is unable to get the certificate created by the .NET Framework version of Server, failing with the following error:
The CNG key handle being opened was detected to be ephemeral, but the EphemeralKey open option was not specified.
In CertificatePal.TryAcquireCngPrivateKey, the value of certificateContext.HasPersistedPrivateKey is true, so it doesn't update handleOptions with CngKeyHandleOpenOptions.EphemeralKey, and later I get the aforementioned error from OpenNoDuplicate.
There is no check for certificateContext.HasPersistedPrivateKey in the .NET Framework version, which is why it works.
Regression?
No response
Known Workarounds
No response
Configuration
No response
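
The handle-option check behind the reported error, shown through the public CngKey API as an added example (not code from the runtime or from the reporter; Windows only). It assumes a constructed, unnamed ECDSA key stands in for the MDM-provisioned key, and the class and helper names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.Win32.SafeHandles;

// Added illustration; EphemeralHandleDemo and TryOpen are hypothetical names.
static class EphemeralHandleDemo
{
    // Opens a raw NCrypt key handle with the given options and reports
    // whether CngKey accepted the caller's claim about the handle.
    static string TryOpen(SafeNCryptKeyHandle handle, CngKeyHandleOpenOptions options)
    {
        try
        {
            using CngKey reopened = CngKey.Open(handle, options);
            return $"{options}: opened, IsEphemeral={reopened.IsEphemeral}";
        }
        catch (ArgumentException ex)
        {
            // Raised when the options do not match what CNG detects for the handle.
            return $"{options}: ArgumentException: {ex.Message}";
        }
    }

    static void Main()
    {
        // Constructed sample key: created without a key name, so it is never persisted.
        using CngKey key = CngKey.Create(CngAlgorithm.ECDsaP256);
        using SafeNCryptKeyHandle handle = key.Handle;

        // Same handle, opened once without and once with the EphemeralKey option.
        Console.WriteLine(TryOpen(handle, CngKeyHandleOpenOptions.None));
        Console.WriteLine(TryOpen(handle, CngKeyHandleOpenOptions.EphemeralKey));
    }
}
```

This only exercises the option check on a handle the program created itself; it does not reproduce a certificate whose context reports a persisted key while its handle is ephemeral.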