Re: X509Certificate issue with WSE 2.0

From: Lucien (*lucien*_at_MicrosoftAccount.com)
Date: 03/10/04 

Date: Wed, 10 Mar 2004 15:14:42 -0800

You can find in the WSE documentation how to do this. But for client request
encryption you need to install the certificate in the localmachine account
(for the service machine) and give private key access to ASPNET account
(unless you override that account). For W2K3 you can create an app pool to
run in a different account and use the X509 tool to give access to that
certificate.

"Patrick King patrickking@Alliant-NoSpam-Energy.com"
<patrickking@AlliantEnergy.com> wrote in message
news:c1e2e673.0403040638.17010ff8@posting.google.com...
> I think you have to make sure that the ASP.NET worker process has
> access to that certificate to be able to access the private key.
>
> Patrick King
> "Softwaremaker" <msdn@removethis.softwaremaker.net> wrote in message
news:<#1Su#mWAEHA.1464@tk2msftngp13.phx.gbl>...
> > Hmm...if you had installed the private key into the localmachine
account,
> > the key should be located in "C:\Documents and Settings\All
> > Users\Application Data\..."
> >
> > I am assuming now that ""C:\Documents and Settings\user\Application
> > Data\..." is your "Current User" store.
> >
> > Could you run thru the whole installation process again and verify that
you
> > had actually installed it into a localmachine account ? An article found
> > here gives you a detailed step-by-step of the whole process
> > http://www.eggheadcafe.com/articles/20030326.asp
> >
> > Another hack you can use (for now) is to instruct the WSE to look for
certs
> > in the "Current User" store instead of the localmachine account. You can
do
> > that via the storeLocation attribute in the web.config file below
> >
> > By default WSE looks for certificates in the Local Machine store rather
than
> > Current User which may be the cause of the problem? Have you tried the
> > following in app.config?
> >
> > <microsoft.web.services>
> > <security>
> > <x509 allowTestRoot="true" storeLocation="CurrentUser"/>
> > </security>
> > </microsoft.web.services>
> >
> > hth
> >
> > --
> > Thank you very much
> >
> > Warmest Regards,
> > William T (Willie) - Softwaremaker
> > Architect | Evangelist | Consultant
> >
> > Microsoft Regional Director
> > http://www.microsoft.com/rd
> > +++++++++++++++++++++++++++++++++
> >
> >
> > "Silvy" <anonymous@discussions.microsoft.com> wrote in message
> > news:CE9EF8F2-1194-430E-9F95-06EA22FE5322@microsoft.com...
> > > Hi,
> > >
> > > I have read all the previous posts about this issue, but I still get
the
> > error "Cannot find the certificate and private key for decryption".
> > > I created a certificate with "makecert -sk MyTestCer -n
"CN=MyTestCer" -ss
> > root -sr localmachine MyTest.cer"
> > > and installed it into "Trusted Root Certification Authorities/Local
> > Computer".
> > >
> > > When I check with the WSE X.509 tool, it says the private key folder
is
> > "C:\Documents and Settings\user\Application Data\...", and from reading
the
> > other posts, I understand this should be "C:\Documents and Settings\All
> > Users\Application Data\..."
> > >
> > > I have never worked with certificates before and I have no clue at all
on
> > how to solve this.
> > > If anyone out there would be so kind to show me the way, I would
greatly
> > appreciate it.
> > >
> > > Regards,
> > > Silvy
> > >

Relevant Pages

  • Re: IIS 6 Directory Services Mapping ACL Problems
    ... It would appear that you can not delegate Certificate based credentials. ... IIS does not have the user's password, so it can't just logon to the remote ... file server as the user directly. ... Lastly - if you want to see what account is being used to access the remote ...
    (microsoft.public.inetserver.iis.security)
  • Re: DCOM & CryptoAPI
    ... How exactly do I install a certificate as machine certificate.I tried to ... > account will be quite enough for this purpose. ... >> everything including the decryption functions works. ...
    (microsoft.public.platformsdk.security)
  • Re: SBS 2003, Outlook 2003, and RPC-HTTP
    ... First of all, if you DON'T install that certificate, nothing will work. ... If you go into your e-mail account, hit change...the first window that pops ... > Under the Exchange Proxy settings in Outlook, ...
    (microsoft.public.windows.server.sbs)
  • Re: How do I deal with "Password Synchronization is not supported"
    ... It just means that you need to select a local account (an account local to ... You can not allocate an SSL Certificate to a single folder. ... and then click Default Web Site. ... In the Anonymous User Account dialog box, ...
    (microsoft.public.inetserver.iis.security)
  • Re: Protecting Directories
    ... If you do, then only your account, and an optionally ... If you select to use EFS, then you should be certain that you ... For this your machine needs a smart card ... an issueing authority for the certificate on the card. ...
    (microsoft.public.windowsxp.security_admin)
Quantcast