Re: Can a Windows service find a certificate ?

From: Sergio Dutra [MS] (sergiod_at_online.microsoft.com)
Date: 09/25/03


Date: Thu, 25 Sep 2003 09:12:07 -0700


If you wish to use a certificate and its corresponding private key you will
typically want to have the private key generated by the account which will
access it (in this case, the service account). Otherwise, if the private key
is generated by another account, you will need to set the ACLs on the key to
allow the service account to access it.

Other than that, you can simply import the certificate and private key (if
in a PFX format) into the local machine "MY" store, which will make the
certificate available to any account - even those running as a service - but
the corresponding private key will be accessible only by the account that
generated it.

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Vincent Vangoethem" <vangoethem@hotmail.com> wrote in message
news:1fa2e6d.0309241358.56d43752@posting.google.com...
> alun@texis.com (Alun Jones [MS MVP]) wrote in message
> news:<Mc3cb.1673$fw6.1374@newssvr23.news.prodigy.com>...
> > What user installed the certificate, and what user is the service logged
> > on as?
>
> I can choose these users.
> So what would you advise?
> Which user (administrator?) can install a certificate that can be
> shared by all users on the machine? Or better: which user can install
> a certificate that can be used by an NT service running as LocalSystem?
>
> Thanks in advance.
>
> Vincent
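
The two steps described in the reply above (import the PFX into the local machine "MY" store, then set the ACL on the private key so the service account can read it), as an added example that is not part of the original post or a Microsoft sample. It assumes PowerShell 5.1 or later in an elevated session, a PFX containing one RSA key stored in software, and placeholder values for the PFX path and the service account name.

```powershell
# Added example. $PfxPath and $ServiceAccount are placeholders, not values from the post.
# Run elevated; assumes an RSA key stored in software (not on a smart card or HSM).
param(
    [Parameter(Mandatory)] [string] $PfxPath,         # e.g. C:\temp\service.pfx (constructed)
    [Parameter(Mandatory)] [string] $ServiceAccount   # e.g. 'CONTOSO\svc-app' (constructed)
)

# Step 1: import the certificate and private key into the local machine "MY" store.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
$imported = Import-PfxCertificate -FilePath $PfxPath -Password $password `
                -CertStoreLocation 'Cert:\LocalMachine\My' |
            Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $imported) { throw 'The PFX did not yield a certificate with a private key.' }
$cert = Get-Item -Path "Cert:\LocalMachine\My\$($imported.Thumbprint)"

# Step 2: find the key container file. CNG keys expose Key.UniqueName,
# legacy CSP keys expose CspKeyContainerInfo.UniqueKeyContainerName.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa) { throw 'No RSA private key is reachable from this account.' }
$keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else { throw "Unexpected key type: $($rsa.GetType().FullName)" }

# Machine-level key files live in one of these two directories.
$keyFile = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
           "$env:ProgramData\Microsoft\Crypto\Keys" |
    ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "No machine key file found for container '$keyName'." }

# Step 3: grant the service account read access to the key file, nothing more.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new($ServiceAccount, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Show the resulting ACL so the grant can be reviewed.
(Get-Acl -LiteralPath $keyFile).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Granting only `Read` keeps the service account from deleting or re-permissioning the key; review the printed ACL for any identities that should not be there.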

