1

Here's what I want to do: take a working ASP.NET application that calls a 3rd party web service using WCF certificate authentication for both the client (my web application) and the server (the service). I got this working in my development environment using my personal certificate store. Now I've deployed to a staging server using Windows Server 2008 R2 and IIS 7.5, and, to put it mildly, I'm having some trouble with the certificates.

I've tried many different approaches and won't list them all here, but for the record:

  1. I've read the docs on certmgr backwards and forwards
  2. I've tried to install to the LocalMachine store and can't seem to get the certificates in there (I am logged in as an administrator).
  3. I've set up a special account to run the site and installed the certificates in the personal store of the IIS account (and, thanks to this SO question, I set the app pool to load the user profile)

For all of my attempts, I am getting back some version of the error, "Cannot find the X.509 certificate"

My question is: can you point me to one definitive resource that will take me through the steps to do this successfully, from the installation of the certificates to the configuration of the certificate reference? Or, even better, is there a simple way to diagnose exactly why my application can't find the certificates I've installed?

Community
  • 1
  • 1
Paul Keister
  • 12,851
  • 5
  • 46
  • 75

1 Answers1

0

The best place to start is usually MSDN:

http://msdn.microsoft.com/en-us/library/ms731899.aspx

A pretty common thing to happen in these scenarios is access has not be granted for the service account to see the private key of the certificate you want it use.

You can grant accounts access to the key via the Certificates snap-in in Task->Manage Private Keys.

Brad
  • 84
  • 3
  • I agree. MSDN is my first choice for research on issues with the MS stack. For example, I spent many hours on MSDN working on this particular issue. The reason I posted this question is that, for all of the MSDN articles I read, I never came across a walk-through that specifically addressed the issue of how to install certificates for use with a WCF service hosted in IIS. All I found were articles such as the one you reference which are general in nature. Problem was eventually solved by instructions from the creator of the service. – Paul Keister Sep 08 '12 at 22:35