0

(Disclaimer: I have posted this question on StackOverflow, but from a developer point of view. I tried to rewrite the question to fit ServerFault conditions)

A custom service has to log on to a remote server through an HTTPS connection, so with an SSL certificate (Windows 2008 Server SP2).

I followed Microsoft's instructions to install a certificate for a service account with MMC. The certificate (self-signed) is installed in the Trusted Root Certification Authorities certificate store. So I added a Certificates snap-in and added the certificate for the service account. Then I saved the console file somewhere, but I don't know if it's useful (I suppose the changes are effective immediately?).

The certificate is visible in the registry (<ServiceName> is the name of the service):

HKLM\SOFTWARE\Microsoft\Cryptography\Services\<ServiceName>\SystemCertificates\Root\Certificates\<digitalFootprint>

However, the service doesn't find the certificate (the store is assumed to be of type X509).

I experienced a similar problem when trying to install a certificate for a user with certmgr.msc. I had to log in as the user and install it through Internet Explorer to make it work.

Did I miss something?

Amessihel
  • The code is opening the user certificate store, but you installed the certificate in the machine store. – Greg Askew Jun 26 '20 at 10:18
  • @GregAskew, thanks. Then how to install the certificate so the service account retrieves it? I selected "Service account" in [Microsoft instructions page](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc780545(v=ws.10)) (mentioned in my question). – Amessihel Jun 26 '20 at 11:16

1 Answer

1

Thanks to Crypt32's answer in the StackOverflow version of this question, the problem is due to .NET API limitations: it "doesn't support certificate lookup in service account stores."

Amessihel
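To confirm that the certificate really is in the service account's Root store, the registry location quoted in the question can be read directly instead of going through a .NET store lookup. The PowerShell below is an added example, not part of the original posts; `MyService` is a placeholder for `<ServiceName>`, and the `Blob` value name and its record layout (property id 32 holding the DER certificate) are taken from the Windows serialized certificate format, not from this page.

```powershell
# Added example: list certificates stored for a service account by reading
# the registry path shown in the question.
$ServiceName = 'MyService'   # placeholder: replace with the real service name
$CertPropId  = 32            # CERT_CERT_PROP_ID: record holding the DER certificate

function Get-CertFromRegistryBlob {
    param([byte[]]$Blob)
    # The Blob value is a sequence of records:
    #   DWORD propId, DWORD reserved, DWORD length, BYTE data[length]
    $offset = 0
    while ($offset + 12 -le $Blob.Length) {
        $propId = [BitConverter]::ToInt32($Blob, $offset)
        $length = [BitConverter]::ToInt32($Blob, $offset + 8)
        $offset += 12
        if ($length -lt 0 -or $offset + $length -gt $Blob.Length) {
            throw "Malformed certificate blob at offset $offset"
        }
        if ($propId -eq $CertPropId) {
            $der = New-Object byte[] $length
            [Array]::Copy($Blob, $offset, $der, 0, $length)
            # Parsing a single certificate works; only the store lookup is unsupported.
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$der)
        }
        $offset += $length
    }
    return $null   # no certificate record in this blob
}

$storePath = "HKLM:\SOFTWARE\Microsoft\Cryptography\Services\$ServiceName\SystemCertificates\Root\Certificates"
if (-not (Test-Path $storePath)) {
    Write-Warning "No Root store found in the registry for service '$ServiceName'"
} else {
    Get-ChildItem -Path $storePath | ForEach-Object {
        $blob = (Get-ItemProperty -Path $_.PSPath -Name Blob).Blob
        $cert = Get-CertFromRegistryBlob -Blob $blob
        if ($cert) {
            New-Object PSObject -Property @{
                RegistryKey = $_.PSChildName   # key name, the <digitalFootprint> in the question
                Thumbprint  = $cert.Thumbprint
                Subject     = $cert.Subject
                NotAfter    = $cert.NotAfter
            }
        }
    }
}
```

If the `RegistryKey` and `Thumbprint` columns match the expected certificate, the installation through MMC worked and the lookup failure lies on the API side, as the answer states.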