send X509 certificate to an Xmlrpc service under IIS7

Balint Kardos

Hi,

I have to call a remote Xmlrpc gateway, which requires me to send a
previously generated certificate (stored in a .der file).
If I do it in Visual Studio 2008 with my user account (Balint), VS's
built-in WebServer can read out the certificate's path and CA's root cert from
CURRENT_USER\Trusted Root, and works fine.

If I try to install the application on IIS7, it fails with "The request was
aborted: Could not create SSL/TLS secure channel".

1) If I understand well, IIS7's W3WP/SVCHOST processes are running under the
NETWORK account.
I've tried to add the certificates to NETWORK's CURRENT_USER\Personal, and
CURRENT_USER\Trusted Root store, but it's still not working.

2) I tried <impersonate> in the web.config for my user account, but it's
still not working.

3) I've imported the certs to LOCAL_MACHINE\Trusted Root, no luck.

4) I thought the certificate is bad, or the path is wrongly built, and tried
to use it on a local SSL website:
It's okay, IIS can read out the key from LOCAL_MACHINE\Trusted Root\, so the
https://localhost/ site is working well with these certs, however I don't
want to use it for anything :)


What am I missing here?
From C# code, how can I build a "path" for my certificate, which would
include the CA's root certificate too?


Thanks,

Balint
 
Joe Kaplan

If this is normal SSL client certificate authentication (which it sounds
like it is), you need to ensure that the remote machine you are deploying to
has the private key for the certificate as well and the process running your
service has read access on the private key once it is installed.

To do this, you need to export the certificate as a p12/pfx file, import it
to the remote machine (into the local machine store, not the current user
store) and set the permissions on the private key so that your service
account has read access (unless you are running as System which hopefully
you are not).

HTH!
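
Added example, not part of the thread and not either poster's code: a C# check (written for .NET Framework) that loads the client certificate from the local machine store, confirms the private key is present and readable by the identity the process runs as, reports chain-building problems, and attaches the certificate to the request. The thumbprint and gateway URL are placeholders, and the class and method names are assumptions.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ClientCertCheck
{
    const string Thumbprint = "<CERT-THUMBPRINT>";              // placeholder
    const string GatewayUrl = "https://gateway.example/xmlrpc"; // placeholder

    static X509Certificate2 LoadClientCertificate(string thumbprint)
    {
        // LocalMachine\My (Personal), not a CurrentUser store: the service
        // account has no interactive profile to hold certificates.
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false so a chain problem is reported later, not hidden here.
            var found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate not in LocalMachine\\My.");
            var cert = found[0];
            // A .der/.cer file carries only the public certificate.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("No private key: import the .pfx/.p12.");
            try { var unused = cert.PrivateKey; } // throws if the key file is not readable
            catch (CryptographicException ex)
            {
                throw new InvalidOperationException(
                    WindowsIdentity.GetCurrent().Name + " cannot read the private key.", ex);
            }
            return cert;
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        var cert = LoadClientCertificate(Thumbprint);
        var chain = new X509Chain();
        if (!chain.Build(cert))                   // path up to the CA root
            foreach (var status in chain.ChainStatus)
                Console.WriteLine("Chain problem: " + status.StatusInformation);
        var request = (HttpWebRequest)WebRequest.Create(GatewayUrl);
        request.ClientCertificates.Add(cert);     // presented during the TLS handshake
        using (var response = (HttpWebResponse)request.GetResponse())
            Console.WriteLine((int)response.StatusCode);
    }
}
```

The private-key check only reflects the deployed configuration when it runs under the same identity as the IIS worker process, for example by calling `LoadClientCertificate` from the service itself.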