?
Solved

How do you import/configure a Certificate in Microsfot Server 2003 R2 SE SP2 to run as a Service?

Posted on 2011-09-13
3
Medium Priority
?
308 Views
Last Modified: 2012-05-12
Thanks everyone for your help!

What we are trying to accomplish is the following.  We are implementing a sercure payment gateway with a 3rd Party Bank for e-payments.  We have proviced them with our Public key and we have our private.  The issue we are having is that we dont want to run the website under the default "Local Account" assigned by the Certificas MMC snap-in when importing the certificate.  We want to import the Certificate using the option of Network Services and configure a Application Pool to use under the Identity the Network Service Account, which rigth now this Network Service Account is not able to access the Certificate since its located under Certificates | Local Computer | Personal | Certificates.    

Hope you can understand my situation.

Thanks.
AC
0
Comment
Question by:transitcenter
  • 2
3 Comments
 
LVL 1

Expert Comment

by:jimmernet
ID: 36530575
I'm afraid I don't really! Why can't you load the certificate as normal - ie load the cert in the cert mmc for local system, select this in IIS and make sure that it's bound properley. Then simply change the account the app pool runs under. The SSL certificate in IIS is recognised by whatever user the app pool runs under..

Or am I missing the point?
0
 

Accepted Solution

by:
transitcenter earned 0 total points
ID: 36537949
Guys,
I foudn the solution i was looking for.  See below:

Step 1 - Install the Microsoft Windows HTTP Services Certificate Configuration Tool (WinHttpCertCfg.exe)

Step 2 – import the cert.

C:\Program Files\Windows Resource Kits\Tools>winhttpcertcfg -i certname.comapany.com.pfx -c LOCAL_MACHINE\My -a IWAM_SERVERNAME -p PASSWORD
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Imported certificate:
CN=certname.comapany.com
OU=Domain Control Validated
O=certname.comapany.com


Granting private key access for account:
    SERVERNAME\IWAM_SERVERNAME



Step 3 – grant access to Network Account.

C:\Program Files\Windows Resource Kits\Tools>winhttpcertcfg.exe -g -c LOCAL_MACH
INE\My -s "certname.comapany.com" -a "NetworkService"
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Matching certificate:
CN=certname.comapany.com
OU=Domain Control Validated
O=certname.comapany.com

Granting private key access for account:
    NT AUTHORITY\NETWORK SERVICE

C:\Program Files\Windows Resource Kits\Tools>
0
 

Author Closing Comment

by:transitcenter
ID: 36558781
The solution was what i was looking for.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question