Re: httpcertcfg for server 2008

I have a version of Dominick's tool precompiled that is a little easier to
use for this purpose. Dominick's original posting only included source code
and defaults to use the current user store instead of machine store unless
you pass in a command line parameter, so I changed that to be the opposite
behavior. I'll just send it to you if you mail me privately at joe @
joekaplan . net.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<paramr@xxxxxxxxxxxxxxxx> wrote in message
news:e5FGQtaHJHA.652@xxxxxxxxxxxxxxxxxxxxxxx
OK, I tried without doing anything and obviously that did not work. I
havent tried installing the httpcertcfg tool, although I am positive that
wont work as IIS 7 is very different than IIS 6 I am presuming.

Can you point me link to source for Dominick Baier article you mention
below?

TIA!


"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:u7Jli%23SHJHA.4760@xxxxxxxxxxxxxxxxxxxxxxx
If it doesn't work for some weird reason, this can be done with other
methods. You basically just need a way to identify the private key file
in the machine key directory and then you can modify the permissions
using the Windows shell.

Dominick Baier wrote a little tool in .NET that uses the framework's
built in GUI for displaying certificates to allow you to pick one and
then programmatically finds the machine key file and opens the Windows
shell properties page directly to the file for you. He had the source up
on his blog a while ago.

You can even make an educated guess on which file is the private key file
if you check the machine keys directory right after you install the
cert+private key as the date on the file will coincide. I've used this
approach successfully before.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
<paramr@xxxxxxxxxxxxxxxx> wrote in message
news:u8HlziQHJHA.3640@xxxxxxxxxxxxxxxxxxxxxxx
And if you are going to ask why I need this tool, it is because I have
some .net web service code that accesses a remote secure URL that is
protected by client digital certificates. In Server 2003, I had to
install the client cert in the computer certificate store and then use
this tool to give IIS_WPG rights to the certificate. Only then would it
work. I am trying to do the same in Server 2008 now.

TIA!

<paramr@xxxxxxxxxxxxxxxx> wrote in message
news:ez%23fCYQHJHA.944@xxxxxxxxxxxxxxxxxxxxxxx
Below is the download link for the Server 2003 version. What about
Server 2008?

http://www.microsoft.com/downloads/details.aspx?FamilyID=c42e27ac-3409-40e9-8667-c748e422833f&displaylang=en



<paramr@xxxxxxxxxxxxxxxx> wrote in message
news:%23Ewt3gPHJHA.4408@xxxxxxxxxxxxxxxxxxxxxxx
Configure permissions on which http user has access to certificates
stored in the computer store

"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb667d6d8caeb0f4963a580@xxxxxxxxxxxxxxxxxxxxxxx
Hello paramr@xxxxxxxxxxxxxxxx,

Sorry, but for what is it used?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hi all,

Is the httpcertcfg utility available for Server 2008? If yes, where
can I get it from?

TIA!















.

Relevant Pages

  • Re: HRESULT: 0X80070490 with Azman and AD LDS on 2008 server
    ... One easy way to have done this would have been to make the LDS server a replica in a configuration set with the original ADAM so that AzMan could basically use either store interchangeably and you could master the actual policy information from either of them. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Sending signed and encrypted email.
    ... The user may have 1 or more certificates, ... via an AD lookup, you would want their encryption certificate, not their ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I am new to framework 2.0 so unsure about the capabilities of the ...
    (microsoft.public.dotnet.security)
  • Re: Why got error "Only one type of operation can be performed in
    ... I was getting the error becuase I was committing with both "Clear" and ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... It could be that you have run into an ADSI limitation on Win2K server ...
    (microsoft.public.dotnet.security)
  • Re: Why got error "Only one type of operation can be performed in
    ... you have the full stack trace of the error message? ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... It could be that you have run into an ADSI limitation on Win2K server ...
    (microsoft.public.dotnet.security)
  • Re: HRESULT: 0X80070490 with Azman and AD LDS on 2008 server
    ... it may be that you are either missing some part of the AzMan schema for your LDS server or that some aspect of the MMC snap-in that manages AzMan and persists the policy didn't save all the objects correctly. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I tried to give permission on ADAM for authenticated users> but ...
    (microsoft.public.dotnet.framework.aspnet.security)
Quantcast