Re: HttpListener, SSL Certificates, Server and client certificate a



One thing to look out for is that files underneath the "keys" directory do
NOT inherit permissions from the folder, so the ACL change you made there
won't apply to the files underneath. They must be individually ACLed. That
said, the default permissions for a new key file added to that container
should give read access to administrator, so it should not be a permissions
issue.

You might try using a tool like Process Monitor to see what reg keys and
files are being read when it works and when it doesn't to compare notes.
Maybe the problem is related to the profile your server is trying to load
the certificate from?

IIS tends to hide these things from you because it manages all the SSL keys
itself.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Colin" <Colin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9788D730-FC04-4EB5-993B-71EC46BE2EA0@xxxxxxxxxxxxxxxx
Thanks for your response Joe, how can I troubleshoot this?

I checked the MMC snap-in.

Makecert certificates:
- There are 3 certificates
- The self signed root in the LocalMachine\TrustedRoot has a private key
- The Server Authentication cert in LocalMachine\Personal has a private key
- The Client Authentication cert in LocalMachine\Personal has a private key
- These certificates work, then again they were made on my computer

Certificate Services:
- There are again 3 certificates
- The Root CA in LocalMachine\TrustedRoot DOES NOT have a private key
  NB: This makes sense to me, the Root CA isn't going to give out its
  private key, but I trust its public cert.
  NB: I moved these certificates from CurrentUser to LocalMachine by cut
  and paste
- The server authentication cert has a private key
- The client authentication cert has a private key

I checked the permissions to the Document and Settings\All Users\Application
Data\Crypto\RSA and DSS\ and set the permissions:
- Administrators: All Access
- System: All Access
- Colin (ME): All Access
- Everyone: Read and Execute

I am running my applications at the command line (and in the debugger). I
am an administrator on the machine. However the Certificate Services
certificates were installed by Internet Explorer (using the web interface to
Certificate Services).

Any ideas would help. Thank you.
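
The per-file ACL and key-location checks discussed in this thread can be scripted. The following is an added example, not code from either poster: for each certificate in LocalMachine\Personal that claims a private key, it finds the key file that actually backs it (machine store or the current user's profile) and lists that file's own ACL. It assumes Windows PowerShell on .NET Framework, CSP-based (not CNG) keys, and the standard `Microsoft\Crypto\RSA` locations.

```powershell
# Added example. Assumptions: Windows PowerShell, CSP (not CNG) keys,
# run as the same account that runs the HttpListener application.
$machineKeys = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) `
                         'Microsoft\Crypto\RSA\MachineKeys'
$userKeys    = Join-Path $env:APPDATA 'Microsoft\Crypto\RSA'

Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.HasPrivateKey } | ForEach-Object {
    $cert = $_
    try {
        # Opening the key fails if this account cannot read the key file.
        $info = $cert.PrivateKey.CspKeyContainerInfo
    } catch {
        Write-Warning "$($cert.Subject): cannot open private key: $($_.Exception.Message)"
        return
    }
    if ($null -eq $info) {
        Write-Warning "$($cert.Subject): key is not CSP-based, skipped"
        return
    }

    # A certificate moved into LocalMachine can still point at a key stored
    # in a user profile; MachineKeyStore shows which location is in use.
    $root = if ($info.MachineKeyStore) { $machineKeys } else { $userKeys }
    $file = Get-ChildItem -Path $root -Recurse -Force `
                -Filter $info.UniqueKeyContainerName -ErrorAction SilentlyContinue |
            Select-Object -First 1

    "{0}`n  thumbprint : {1}`n  machine key: {2}`n  key file   : {3}" -f `
        $cert.Subject, $cert.Thumbprint, $info.MachineKeyStore, $file.FullName

    if ($file) {
        # The ACL on the file itself, not on the containing folder.
        (Get-Acl $file.FullName).Access |
            Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
    } else {
        Write-Warning "  no key file named $($info.UniqueKeyContainerName) under $root"
    }
}
```

A certificate reported with `machine key: False` has its private key in the profile of whoever installed it, so a process running under a different account will not find the key even though the certificate is visible in the LocalMachine store.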

