sdom100
asked on
Certificate Install
Hi,
I have a server application that uses a personally signed certificate to allow TCPIP clients to open SSL connections to it.
Bizarrely, when i install the certificate from .NET code into the MY (ie Personal Certificates) it installs fine and can be seen, however my 3rd party component cannot find it.
When i double clicked the cert in explorer and manually installed it, selecting "automatically select the certificate store based on the type of certificate" it installed, looked no different and yet worked perfectly.
ps. the Intended Purpose of the cert is "Server Authentication"
Could someone please advise me on what is different with a manual install please ?
I have a server application that uses a personally signed certificate to allow TCPIP clients to open SSL connections to it.
Bizarrely, when i install the certificate from .NET code into the MY (ie Personal Certificates) it installs fine and can be seen, however my 3rd party component cannot find it.
When i double clicked the cert in explorer and manually installed it, selecting "automatically select the certificate store based on the type of certificate" it installed, looked no different and yet worked perfectly.
ps. the Intended Purpose of the cert is "Server Authentication"
Could someone please advise me on what is different with a manual install please ?
CoccoBill
Are you sure you installed the cert into the same account's MY store that's used to run the 3rd party component?
ASKER
Interesting, could the third party component run as a different user ?
I believe that it uses standard .net crypto class methods to access the certificates
I believe that it uses standard .net crypto class methods to access the certificates
The MY store is unique to each user account, if the component runs under the context of a different user than the one that installs it, it won't be ale to find it. Each component runs under the context of the IIS application pool it belongs to. Try creating a new app pool that runs under the context of a user account you create on the server and putting both components in it. I seem to remember by default they run under the context of LocalService, which would put the certs in the machine account's MY store.
http://www.developer.com/net/asp/article.php/2245511
http://www.developer.com/net/asp/article.php/2245511
ASKER
My 'server' is not running IIS. The server side app is just a normal winforms application - would they not run under the credentials of the logged in user?
In that case yes, if you're just running the applications and they're not configured to run as windows services.
To recap using both methods of cert installation, you can find it under your user account's Personal store? Just to be sure, check also the machine account's store whether it's under its Personal store (run mmc.exe from the command line, File->add/remove snap-in->Cefrtificates->Co
To recap using both methods of cert installation, you can find it under your user account's Personal store? Just to be sure, check also the machine account's store whether it's under its Personal store (run mmc.exe from the command line, File->add/remove snap-in->Cefrtificates->Co
ASKER
Thanks,
I will check this evening
I will check this evening
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.