
I have a Smart Card (actually a USB dongle, called a Feitian ePass2003) with a certificate and its accompanying private key on it, and I want to use this certificate to serve my SSL site in IIS.

To me, this seems like a good idea, because I am protecting my private key by keeping it off the PC, so if the machine is compromised the key (and hence the certificate) will still be safe. It also seems better than the alternative of using a passphrase, because I would not need to re-enter the passphrase at every server restart. So, I would guess many people running web servers would like to do this.

If that is true, why is it that I cannot seem to make IIS able to do this? It will not see the certificate, unless I copy it to the "Local Machine" certificate store using the MMC "Certificates" snap-in, but when I try to use it then I get the error "A specified logon session does not exist. It may already have been terminated (Exception from HRESULT 0x80070520)."

Lots of Googling only turns up results related to client certificates, which is not what I'm after.

Can IIS not do this? Am I silly to want this in the first place?

rix0rrr
  • It's not clear what you're trying to do here. "I want to use this certificate to serve my SSL site in IIS" - Do you mean you want to use the certificate on a smartcard to serve as the SSL cert for an IIS-backed website? Or are you simply trying to authenticate to a website on IIS using the certificate on your smartcard? – bobmagoo May 23 '13 at 05:36
  • The first one. I want the certificate on the smart card as a server certificate. Just the private key would be good enough as well, the certificate can be on the computer, but I'll take whatever I can get. – rix0rrr May 23 '13 at 11:12

0 Answers