Re: HttpListener, SSL Certificates, Sever and client certificate a



One thing to look out for is that files underneath the "keys" directory do
NOT inherit permissions from the folder, so the ACL change you made there
won't apply to the files underneath. They must be individually ACLed. That
said, the default permissions for a new key file added to that container
should give read access to administrator, so it should not be a permissions
issue.

You might try using a tool like process monitor to see what reg keys and
files are being read when it works and when it doesn't to compare notes.
Maybe the problem is related to the profile your server is trying to load
the certificate from?

IIS tends to hide these things from you because it manages all the SSL keys
itself.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Colin" <Colin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9788D730-FC04-4EB5-993B-71EC46BE2EA0@xxxxxxxxxxxxxxxx
Thanks for your response Joe, how can I trouble shoot this?

I checked the MMC snap in.

Makecert certificates:
- There are 3 certificates
- The self signed root in the LocalMachine\TrustedRoot has a private
key
- The Server Authentication cert in LocalMachine\Personal has a
private key
- The Client Authentication cert in LocalMachine\Personal has a
private key
- These certificates work, then again they were made on my computer

Certificate Services:
- There are again 3 certificates
- The Root CA in LocalMachine\TrustedRoot DOES NOT have a private key
NB: This makes sense to me, the Root CA isn't going to give out is
private key,
but I trust its public cert.
NB: I moved these certificate from CurrentUser to LocalMachine by
cut
and paste
- The server authentication cert has a private key
- The client authenitcation cert has a private key

I checked the permissions to the Document and Settings\All
Users\Application
Data\Crypto\RSA and DSS\ and set the permissions:
Administrators: All Access
System: All Access
Colin (ME): All Access
Everyone: Read and Execute

I am running my applications at the command line (and in the debugger). I
am an administrator on the machine. However the Certificate Services
certificates were installed by internet explorer (using the web interface
to
certificate services).

Any ideas would help. Thank you.


.