• Status: Solved

Certificate Install

Hi,
I have a server application that uses a personally signed certificate to allow TCP/IP clients to open SSL connections to it.
Bizarrely, when I install the certificate from .NET code into the MY (i.e. Personal Certificates) it installs fine and can be seen, however my 3rd party component cannot find it.
When I double-clicked the cert in Explorer and manually installed it, selecting "automatically select the certificate store based on the type of certificate", it installed, looked no different and yet worked perfectly.
P.S. The Intended Purpose of the cert is "Server Authentication".

Could someone please advise me on what is different with a manual install?
Asked by: sdom100
1 Solution
 
CoccoBill Commented:
Are you sure you installed the cert into the same account's MY store that's used to run the 3rd party component?
 
sdom100 (Author) Commented:
Interesting, could the third party component run as a different user ?
I believe that it uses standard .net crypto class methods to access the certificates
 
CoccoBill Commented:
The MY store is unique to each user account; if the component runs under the context of a different user than the one that installs it, it won't be able to find it. Each component runs under the context of the IIS application pool it belongs to. Try creating a new app pool that runs under the context of a user account you create on the server and putting both components in it. I seem to remember by default they run under the context of LocalService, which would put the certs in the machine account's MY store.

http://www.developer.com/net/asp/article.php/2245511
 
sdom100 (Author) Commented:
My 'server' is not running IIS. The server side app is just a normal winforms application - would they not run under the credentials of the logged in user?
 
CoccoBill Commented:
In that case yes, if you're just running the applications and they're not configured to run as Windows services.

To recap using both methods of cert installation, you can find it under your user account's Personal store? Just to be sure, check also the machine account's store whether it's under its Personal store (run mmc.exe from the command line, File->Add/Remove Snap-in->Certificates->Computer Account->Local computer). The 3rd party component might be looking for it in the wrong store.

 
sdom100 (Author) Commented:
Thanks,
I will check this evening
 
sdom100 (Author) Commented:
The solution was to set an option when installing the cert via code to persist the certificate:

X509Certificate2 cert = new X509Certificate2(certBytes, password, X509KeyStorageFlags.PersistKeySet);
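Why the flag in the accepted fix matters, as an added example (not code from the thread): without `PersistKeySet`, the private key imported from the PFX sits in a temporary key container that is deleted once the certificate object is released, so the store entry stays visible but has no usable key behind it. The class and method names are hypothetical, an RSA key is assumed, and the PFX path and password come from the command line.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertInstallCheck   // hypothetical name, not from the thread
{
    // Import a PFX into the Personal (MY) store of the given location and persist its key.
    public static string Install(byte[] pfx, string password, StoreLocation location)
    {
        // Keep the key container in the same scope as the store that holds the certificate.
        var scope = location == StoreLocation.LocalMachine
            ? X509KeyStorageFlags.MachineKeySet
            : X509KeyStorageFlags.UserKeySet;
        using (var cert = new X509Certificate2(pfx, password, scope | X509KeyStorageFlags.PersistKeySet))
        using (var store = new X509Store(StoreName.My, location))
        {
            store.Open(OpenFlags.ReadWrite);
            store.Add(cert);
            return cert.Thumbprint;
        }
    }

    // Re-read the certificate from the store and prove the key is usable by signing with it.
    // Assumes an RSA key. A missing or inaccessible key container yields false.
    public static bool KeyIsUsable(string thumbprint, StoreLocation location)
    {
        using (var store = new X509Store(StoreName.My, location))
        {
            store.Open(OpenFlags.ReadOnly);
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (hits.Count == 0) return false;
            try
            {
                using (RSA rsa = hits[0].GetRSAPrivateKey())
                    return rsa != null &&
                        rsa.SignData(new byte[] { 1 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1).Length > 0;
            }
            catch (CryptographicException) { return false; }
        }
    }

    static void Main(string[] args)   // usage: CertInstallCheck <file.pfx> <password>
    {
        string thumb = Install(File.ReadAllBytes(args[0]), args[1], StoreLocation.CurrentUser);
        Console.WriteLine("CurrentUser\\My usable key: " + KeyIsUsable(thumb, StoreLocation.CurrentUser));
        Console.WriteLine("LocalMachine\\My usable key: " + KeyIsUsable(thumb, StoreLocation.LocalMachine));
    }
}
```

Checking both locations also covers the store mismatch raised earlier in the thread: a certificate installed for the current user will not be reported under the machine account's Personal store.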
