RE: Certificate Store access problem

From: Don Sherwood (dsherwood@integrateddocuments.com)
Date: 08/09/02


From: "Don Sherwood" <dsherwood@integrateddocuments.com>
Date: Fri, 9 Aug 2002 07:23:31 -0700


Cas,

Good questions. I guess I wasn't very specific in my
original post. You asked:
>How is your service accessing the certificate?

It's using a third-party (Mabry) COM object, and
specifying "LOCAL_MACHINE\MY\Client Certificate Name" as
the certificate name. In the certificate manager, the
certificate appears in the local computer's "Personal"
certificate store, which is LOCAL_MACHINE\MY, the same
store that our website's SSL certificate is in. Since
it is in the computer account, not a user account, I
assumed it would be visible to services, like IIS. IIS
runs in the "local system" user context, and the web
service uses the IUSR_MachineName account for anonymous
access.

>Also, can you provide more detail about the error you're seeing?

When our clients make a request from our web service, it
in turn requests information from another web service
using this client certificate for authentication, and
then returns the results to the original requestor. When
my code attempts to connect (calling the "GET" method of
the Mabry control), it fails, reporting "Certificate Store
Not Found". The same code, when run as an application in
the context of the logged-on user, works correctly, so it
appears to be a permissions issue.

If it helps, the LOCAL_MACHINE\MY store is a registry
store. The binary data for the certificate is in the
registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\B3D43A9E9FD15D97B68A6FEBCCEC74AAF60614ED
in a binary value called "Blob".

Any help would be greatly appreciated.
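
Added example, not part of the original post: a Python sketch for inspecting a "Blob" value like the one described above once it has been exported from the registry. It assumes the usual serialized layout (repeated little-endian property ID, encoding, length, data records, with property 32 holding the DER certificate and property 2 the private-key provider info) and that the key name is the certificate's SHA-1 thumbprint; the sample bytes and function names are constructed for illustration.

```python
import hashlib
import struct

# Property IDs as defined in wincrypt.h
CERT_KEY_PROV_INFO_PROP_ID = 2   # links the cert to a private-key container
CERT_SHA1_HASH_PROP_ID = 3
CERT_CERT_PROP_ID = 32           # the DER-encoded certificate itself


def parse_blob(blob: bytes) -> dict:
    """Split a serialized certificate element into {prop_id: data}."""
    props, offset = {}, 0
    while offset < len(blob):
        if len(blob) - offset < 12:
            raise ValueError(f"truncated property header at offset {offset}")
        prop_id, _encoding, size = struct.unpack_from("<III", blob, offset)
        offset += 12
        if size > len(blob) - offset:
            raise ValueError(f"property {prop_id} overruns the blob")
        props[prop_id] = blob[offset:offset + size]
        offset += size
    return props


def inspect_entry(key_name: str, blob: bytes) -> dict:
    """Check a registry entry: thumbprint vs. key name, and key linkage."""
    props = parse_blob(blob)
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:
        raise ValueError("no certificate property (id 32) in blob")
    thumbprint = hashlib.sha1(der).hexdigest().upper()
    return {
        "thumbprint": thumbprint,
        "matches_key_name": thumbprint == key_name.upper(),
        "has_key_prov_info": CERT_KEY_PROV_INFO_PROP_ID in props,
    }


def make_prop(prop_id: int, data: bytes) -> bytes:
    """Build one serialized property record (used for the sample only)."""
    return struct.pack("<III", prop_id, 1, len(data)) + data


# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-certificate-bytes"
SAMPLE_KEY_NAME = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
SAMPLE_BLOB = (make_prop(CERT_SHA1_HASH_PROP_ID, hashlib.sha1(SAMPLE_DER).digest())
               + make_prop(CERT_KEY_PROV_INFO_PROP_ID, b"constructed-provider-info")
               + make_prop(CERT_CERT_PROP_ID, SAMPLE_DER))
```

The registry entry carries only the certificate and its properties; the private key that property 2 points to is stored separately, so being able to read the Blob does not show that a given account can use the key.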


