?
Solved

How do you import/configure a Certificate in Microsfot Server 2003 R2 SE SP2 to run as a Service?

Posted on 2011-09-13
3
Medium Priority
?
304 Views
Last Modified: 2012-05-12
Thanks everyone for your help!

What we are trying to accomplish is the following.  We are implementing a sercure payment gateway with a 3rd Party Bank for e-payments.  We have proviced them with our Public key and we have our private.  The issue we are having is that we dont want to run the website under the default "Local Account" assigned by the Certificas MMC snap-in when importing the certificate.  We want to import the Certificate using the option of Network Services and configure a Application Pool to use under the Identity the Network Service Account, which rigth now this Network Service Account is not able to access the Certificate since its located under Certificates | Local Computer | Personal | Certificates.    

Hope you can understand my situation.

Thanks.
AC
0
Comment
Question by:transitcenter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Expert Comment

by:jimmernet
ID: 36530575
I'm afraid I don't really! Why can't you load the certificate as normal - ie load the cert in the cert mmc for local system, select this in IIS and make sure that it's bound properley. Then simply change the account the app pool runs under. The SSL certificate in IIS is recognised by whatever user the app pool runs under..

Or am I missing the point?
0
 

Accepted Solution

by:
transitcenter earned 0 total points
ID: 36537949
Guys,
I foudn the solution i was looking for.  See below:

Step 1 - Install the Microsoft Windows HTTP Services Certificate Configuration Tool (WinHttpCertCfg.exe)

Step 2 – import the cert.

C:\Program Files\Windows Resource Kits\Tools>winhttpcertcfg -i certname.comapany.com.pfx -c LOCAL_MACHINE\My -a IWAM_SERVERNAME -p PASSWORD
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Imported certificate:
CN=certname.comapany.com
OU=Domain Control Validated
O=certname.comapany.com


Granting private key access for account:
    SERVERNAME\IWAM_SERVERNAME



Step 3 – grant access to Network Account.

C:\Program Files\Windows Resource Kits\Tools>winhttpcertcfg.exe -g -c LOCAL_MACH
INE\My -s "certname.comapany.com" -a "NetworkService"
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Matching certificate:
CN=certname.comapany.com
OU=Domain Control Validated
O=certname.comapany.com

Granting private key access for account:
    NT AUTHORITY\NETWORK SERVICE

C:\Program Files\Windows Resource Kits\Tools>
0
 

Author Closing Comment

by:transitcenter
ID: 36558781
The solution was what i was looking for.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question