Configuring Private Key Permissions for a Certificate in Win Server 2008

When creating a certificate using makecert on Windows Server 2003, I must set the private key permissions to give access to NETWORK SERVICE so that the private key can be read by the WCF service. I could access the file by going to C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys. As soon as I set the permissions for NETWORK SERVICE, everything worked fine.

I am looking at Windows Server 2008 and cannot find a similar location in C:\Users or elsewhere. What is the proper mechanism for setting private key permissions? Where are they located? I use makecert to install it directly in TrustedPeople/localmachine.

+3
1 answer

It looks like WinHttpCertCfg.exe is being used here. This is a cleaner way to set permissions on the private key of a certificate than the method described above. I assume that in Windows 2008 and beyond, MS decided to hide the keys in a more discreet place.

I used WinHttpCertCfg to set permissions. Here is an example command to provide read permissions for the NETWORK SERVICE for a certificate named MyCert01 in LOCAL_MACHINE\TrustedPeople.

winhttpcertcfg.exe -g -c LOCAL_MACHINE\TrustedPeople -s MyCert01 -a "NETWORK SERVICE"
+4
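
For the "where are they located" part of the question, this is an added PowerShell example (not part of the question or the answer): it resolves the key file behind a LocalMachine certificate and reports its ACL, granting Read only when asked. It assumes an elevated prompt and a CSP-backed RSA key such as makecert creates; on Vista/Server 2008 and later, machine keys live under %ProgramData%\Microsoft\Crypto\RSA\MachineKeys. The parameter names and the CN=MyCert01 subject are illustrative.

```powershell
# Added example: find the private-key file behind a LocalMachine certificate
# and (optionally) grant one account Read access. Run from an elevated prompt.
# Assumptions: CSP-backed RSA key (what makecert creates), subject CN=MyCert01.
param(
    [string]$Subject   = 'CN=MyCert01',
    [string]$StoreName = 'TrustedPeople',
    [string]$Account   = 'NT AUTHORITY\NETWORK SERVICE',
    [switch]$Grant     # without -Grant the script only reports the current ACL
)

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, 'LocalMachine')
$store.Open('ReadOnly')
try {
    $found = @($store.Certificates | Where-Object { $_.Subject -eq $Subject })
} finally {
    $store.Close()
}
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate with subject '$Subject', found $($found.Count)."
}
$cert = $found[0]
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key on this machine."
}

# UniqueKeyContainerName is the file name of the key inside MachineKeys.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
# %ProgramData% replaces "Documents and Settings\All Users\Application Data".
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
if (-not (Test-Path -Path $keyPath)) { throw "Key file not found: $keyPath" }

$acl = Get-Acl -Path $keyPath
if ($Grant) {
    # Read only: the service has to use the key, not modify or delete it.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyPath -AclObject $acl
    $acl = Get-Acl -Path $keyPath   # re-read to show what is now in effect
}

"Key file: $keyPath"
$acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Running it without -Grant first shows which identities can already read the key, which is worth checking before adding another one.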