Solved

How do you import/configure a Certificate in Microsfot Server 2003 R2 SE SP2 to run as a Service?

Posted on 2011-09-13
3
300 Views
Last Modified: 2012-05-12
Thanks everyone for your help!

What we are trying to accomplish is the following.  We are implementing a sercure payment gateway with a 3rd Party Bank for e-payments.  We have proviced them with our Public key and we have our private.  The issue we are having is that we dont want to run the website under the default "Local Account" assigned by the Certificas MMC snap-in when importing the certificate.  We want to import the Certificate using the option of Network Services and configure a Application Pool to use under the Identity the Network Service Account, which rigth now this Network Service Account is not able to access the Certificate since its located under Certificates | Local Computer | Personal | Certificates.    

Hope you can understand my situation.

Thanks.
AC
0
Comment
Question by:transitcenter
  • 2
3 Comments
 
LVL 1

Expert Comment

by:jimmernet
ID: 36530575
I'm afraid I don't really! Why can't you load the certificate as normal - ie load the cert in the cert mmc for local system, select this in IIS and make sure that it's bound properley. Then simply change the account the app pool runs under. The SSL certificate in IIS is recognised by whatever user the app pool runs under..

Or am I missing the point?
0
 

Accepted Solution

by:
transitcenter earned 0 total points
ID: 36537949
Guys,
I foudn the solution i was looking for.  See below:

Step 1 - Install the Microsoft Windows HTTP Services Certificate Configuration Tool (WinHttpCertCfg.exe)

Step 2 – import the cert.

C:\Program Files\Windows Resource Kits\Tools>winhttpcertcfg -i certname.comapany.com.pfx -c LOCAL_MACHINE\My -a IWAM_SERVERNAME -p PASSWORD
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Imported certificate:
CN=certname.comapany.com
OU=Domain Control Validated
O=certname.comapany.com


Granting private key access for account:
    SERVERNAME\IWAM_SERVERNAME



Step 3 – grant access to Network Account.

C:\Program Files\Windows Resource Kits\Tools>winhttpcertcfg.exe -g -c LOCAL_MACH
INE\My -s "certname.comapany.com" -a "NetworkService"
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Matching certificate:
CN=certname.comapany.com
OU=Domain Control Validated
O=certname.comapany.com

Granting private key access for account:
    NT AUTHORITY\NETWORK SERVICE

C:\Program Files\Windows Resource Kits\Tools>
0
 

Author Closing Comment

by:transitcenter
ID: 36558781
The solution was what i was looking for.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question