RE: NetworkService - Could not establish secure channel for SSL/TL

Tech-Archive recommends: Fix windows errors by optimizing your registry

Thanks for your response stefan,

I'm not sure on the exact steps you grant private key access to the Network
Service account, I used the following command to grant private key access
right to a certain account or group:

winhttpcertcfg.exe -g-a accountName -c LOCAL_MACHINE\MY -s certSubjectName

Also, for testing, you can consider using the following .net 2.0 code to
read out the certificate's private key:

===================
static void Run()
{
X509Store store = new
X509Store(StoreName.My,StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);

X509Certificate2Collection certs =
store.Certificates.Find(X509FindType.FindBySubjectName, "Certificate
Subject Name", false);

if (certs.Count > 0)
{

Console.WriteLine(certs[0].PrivateKey.ToXmlString(true));
}

store.Close();
}
=================

when the running security context doesn't have sufficient permission to
access the target certificate's private key, the

PrivateKey.ToXmlString(true)

method call won't be able to return the xml format private key value.

Hope this helps.

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.



Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

.