I'm stuck with granting client certificates in Windows Server 2003 with winhttpcertcfg :(
My cert is correctly installed in LOCAL_MACHINE\My keystore and I granted it with winhttpcertcfg.exe. So everything looks good to me:
WinHttpCertCfg.exe -l -c LOCAL_MACHINE\MY -s "MY_CERT"
Additional accounts and groups with access to the private key include:
NT AUTHORITY\SYSTEM
BUILTIN\Administrators
But when I try to access MY_CERT in a Windows service which is logged on as the local system account, I get the following exception:
System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
Log-Details:
System.Net Information: 0 : [0600] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Error: 0 : [0600] AcquireCredentialsHandle() failed with error 0X8009030D.
System.Net.Sockets Verbose: 0 : [0600] Socket#21936442::Dispose()
System.Net Error: 0 : [0600] Exception in the HttpWebRequest#24862511:: - The request was aborted: Could not create SSL/TLS secure channel.
System.Net Error: 0 : [0600] Exception in the HttpWebRequest#24862511::EndGetResponse - The request was aborted: Could not create SSL/TLS secure channel.
Everything works fine if the Windows service is logged on as another user. What's the problem with the local system account accessing the keystore?
Any suggestions?