Re: HttpListener, SSL Certificates, Sever and client certificate a
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 4 Apr 2008 13:33:34 -0500
One thing to look out for is that files underneath the "keys" directory do
NOT inherit permissions from the folder, so the ACL change you made there
won't apply to the files underneath. They must be individually ACLed. That
said, the default permissions for a new key file added to that container
should give read access to administrator, so it should not be a permissions
You might try using a tool like process monitor to see what reg keys and
files are being read when it works and when it doesn't to compare notes.
Maybe the problem is related to the profile your server is trying to load
the certificate from?
IIS tends to hide these things from you because it manages all the SSL keys
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
"Colin" <Colin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
Thanks for your response Joe, how can I trouble shoot this?
I checked the MMC snap in.
- There are 3 certificates
- The self signed root in the LocalMachine\TrustedRoot has a private
- The Server Authentication cert in LocalMachine\Personal has a
- The Client Authentication cert in LocalMachine\Personal has a
- These certificates work, then again they were made on my computer
- There are again 3 certificates
- The Root CA in LocalMachine\TrustedRoot DOES NOT have a private key
NB: This makes sense to me, the Root CA isn't going to give out is
but I trust its public cert.
NB: I moved these certificate from CurrentUser to LocalMachine by
- The server authentication cert has a private key
- The client authenitcation cert has a private key
I checked the permissions to the Document and Settings\All
Data\Crypto\RSA and DSS\ and set the permissions:
Administrators: All Access
System: All Access
Colin (ME): All Access
Everyone: Read and Execute
I am running my applications at the command line (and in the debugger). I
am an administrator on the machine. However the Certificate Services
certificates were installed by internet explorer (using the web interface
Any ideas would help. Thank you.
- Prev by Date: Re: HttpListener, SSL Certificates, Sever and client certificate a
- Next by Date: Re: How do I locate an object using its sid in a multi-forests env
- Previous by thread: Re: HttpListener, SSL Certificates, Sever and client certificate a