What forum do I go to to debug access permissions to private key on a certificate in Windows Server 2008 for an ASP.Net 3.5 app?

  • Question

  • This is driving me batty.  I've got 3 production web servers that I've installed a client certificate to be used by an ASP.Net 3.5 app to do a Single Sign On to a 3rd party app.  On two of the servers everything works fine, but on one, the app can't access the private key file.  I have granted permissions to the appropriate account (the User Identity account for the application pool the ASP.Net app runs under), and I can see the permissions in the mmc Certificates console.

    I also tried deleting the certificate and installing it and granting permissions via winhttpcertcfg vs. the mmc Certificates console.

    FindPrivateKey.exe is not able to locate the key file.

    The two servers that work have their private key files in ...\Crypto\RSA\MachineKeys and nothing in \Crypto\Keys.  The one that doesn't work was storing the key in \Crypto\Keys; and when I imported the certificate again with winhttpcertcfg I got new key files in both places!

    Can someone point me to the right place to ask these things?

    S Bernardi
    Friday, November 5, 2010 11:34 PM