Certificate Install

Hi,
I have a server application that uses a personally signed certificate to allow TCP/IP clients to open SSL connections to it.
Bizarrely, when I install the certificate from .NET code into the MY (i.e. Personal Certificates) store, it installs fine and can be seen; however, my 3rd party component cannot find it.
When I double-clicked the cert in Explorer and manually installed it, selecting "automatically select the certificate store based on the type of certificate", it installed, looked no different and yet worked perfectly.
P.S. The Intended Purpose of the cert is "Server Authentication".

Could someone please advise me on what is different with a manual install?
sdom100 Asked:

CoccoBill Commented:
Are you sure you installed the cert into the same account's MY store that's used to run the 3rd party component?
sdom100 (Author) Commented:
Interesting, could the third party component run as a different user?
I believe that it uses standard .NET crypto class methods to access the certificates.
CoccoBill Commented:
The MY store is unique to each user account; if the component runs under the context of a different user than the one that installs it, it won't be able to find it. Each component runs under the context of the IIS application pool it belongs to. Try creating a new app pool that runs under the context of a user account you create on the server and putting both components in it. I seem to remember by default they run under the context of LocalService, which would put the certs in the machine account's MY store.

http://www.developer.com/net/asp/article.php/2245511

sdom100 (Author) Commented:
My 'server' is not running IIS. The server side app is just a normal WinForms application - would they not run under the credentials of the logged in user?
CoccoBill Commented:
In that case yes, if you're just running the applications and they're not configured to run as Windows services.

To recap, using both methods of cert installation, you can find it under your user account's Personal store? Just to be sure, also check the machine account's store to see whether it's under its Personal store (run mmc.exe from the command line, File->Add/Remove Snap-in->Certificates->Computer Account->Local computer). The 3rd party component might be looking for it in the wrong store.

sdom100 (Author) Commented:
Thanks,
I will check this evening.
sdom100 (Author) Commented:
The solution was to set an option when installing the cert via code to persist the certificate:

X509Certificate2 cert = new X509Certificate2(certBytes, password,X509KeyStorageFlags.PersistKeySet);
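
A way to check the fix in the last post, as an added example that is not part of the original thread: it installs a constructed self-signed certificate into CurrentUser\My with and without PersistKeySet, then looks it up in the store again and tries to sign with the private key. The class name, subject and password are hypothetical, and Windows with .NET Framework 4.7.2+ or .NET Core 2.0+ is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PersistKeySetCheck
{
    // Constructed sample values; assumes Windows, .NET Framework 4.7.2+ or .NET Core 2.0+.
    const string Subject = "persist-demo.example", Password = "demo-only";
    // Throwaway self-signed PFX built in memory, so no real certificate is needed.
    static byte[] MakeSamplePfx()
    {
        using (RSA rsa = RSA.Create(2048))
        using (X509Certificate2 c = new CertificateRequest("CN=" + Subject, rsa,
                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
               .CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            return c.Export(X509ContentType.Pfx, Password);
    }
    static bool CanSign(X509Certificate2 cert)
    {
        try
        {
            using (RSA key = cert.GetRSAPrivateKey())
                return key != null && key.SignData(new byte[] { 1 },
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1).Length > 0;
        }
        catch (CryptographicException) { return false; } // key container is gone
    }
    // Install into CurrentUser\My, dispose the import object, then test the stored copy's key.
    static bool InstallAndVerify(byte[] pfx, X509KeyStorageFlags flags)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadWrite);
            using (var cert = new X509Certificate2(pfx, Password, flags))
                store.Add(cert); // without PersistKeySet the key is cleaned up on dispose
            bool usable = false;
            foreach (X509Certificate2 found in store.Certificates.Find(X509FindType.FindBySubjectName, Subject, false))
            {
                usable = CanSign(found);
                store.Remove(found); // remove the demo certificate again
            }
            return usable;
        }
    }
    static void Main()
    {
        foreach (var f in new[] { X509KeyStorageFlags.DefaultKeySet, X509KeyStorageFlags.PersistKeySet })
            Console.WriteLine(f + ": key usable after install = " + InstallAndVerify(MakeSamplePfx(), f));
    }
}
```

Removing the demo certificate from the store does not delete a key container that PersistKeySet wrote to the user profile, so run this under a test account.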
