send X509 certificate to an Xmlrpc service under IIS7

 
 
Balint Kardos
      08-24-2009
Hi,

I have to call a remote Xmlrpc gateway, which requires me to send a
previously generated certificate (stored in a .der file).
If I do it in Visual Studio 2008 with my user account (Balint), VS's built
in WebServer can read out the certificate's path and CA's root cert from
CURRENT_USER\Trusted Root, and works fine.

If I try to install the application on IIS7, it fails with "The request was
aborted: Could not create SSL/TLS secure channel".

1) If I understand well, IIS7's W3WP/SVCHOST processes are running under the
NETWORK account.
I've tried to add the certificates to NETWORK's CURRENT_USER\Personal, and
CURRENT_USER\Trusted Root store, but it's still not working.

2) I tried <impersonate> in the web.config for my user account, but it's
still not working.

3) I've imported the certs to LOCAL_MACHINE\Trusted Root, no luck.

4) I thought the certificate is bad, or the path is wrongly built, and tried
to use it on a local SSL website:
It's okay, IIS can read out the key from LOCAL_MACHINE\Trusted Root\, so the
https://localhost/ site is working well with these certs, however I don't
want to use it for anything


What am I missing here?
From C# code, how can I build a "path" for my certificate, which would
include the CA's root certificate too?


Thanks,

Balint

 
Joe Kaplan
      08-24-2009
If this is normal SSL client certificate authentication (which it sounds
like it is), you need to ensure that the remote machine you are deploying to
has the private key for the certificate as well and the process running your
service has read access on the private key once it is installed.

To do this, you need to export the certificate as a p12/pfx file, import it
to the remote machine (into the local machine store, not the current user
store) and set the permissions on the private key so that your service
account has read access (unless you are running as System which hopefully
you are not).

HTH!

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Balint Kardos" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> I have to call a remote Xmlrpc gateway, which requires me to send a
> previously generated certificate (stored in a .der file).
> If I do it in Visual Studio 2008 with my user account (Balint), VS's built
> in WebServer can read out the certificate's path and CA's root cert from
> CURRENT_USER\Trusted Root, and works fine.
>
> If I try to install the application on IIS7, it fails with "The request
> was aborted: Could not create SSL/TLS secure channel".
>
> 1) If I understand well, IIS7's W3WP/SVCHOST processes are running under
> the NETWORK account.
> I've tried to add the certificates to NETWORK's CURRENT_USER\Personal, and
> CURRENT_USER\Trusted Root store, but it's still not working.
>
> 2) I tried <impersonate> in the web.config for my user account, but it's
> still not working.
>
> 3) I've imported the certs to LOCAL_MACHINE\Trusted Root, no luck.
>
> 4) I thought the certificate is bad, or the path is wrongly built, and
> tried to use it on a local SSL website:
> It's okay, IIS can read out the key from LOCAL_MACHINE\Trusted Root\, so
> the https://localhost/ site is working well with these certs, however I
> don't want to use it for anything
>
>
> What am I missing here?
> From C# code, how can I build a "path" for my certificate, which would
> include the CA's root certificate too?
>
>
> Thanks,
>
> Balint
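
The checks implied by Joe Kaplan's reply, as an added C# example that is not part of the original thread: it looks the certificate up in the local machine store, confirms that the account running the code can actually use the private key, and attaches the certificate to the outgoing request. The thumbprint and gateway URL are placeholders, and `ClientCertCheck` and `LoadUsableClientCert` are hypothetical names.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck
{
    // Placeholders (assumptions): substitute your certificate's thumbprint and gateway URL.
    const string Thumbprint = "<CERT-THUMBPRINT-PLACEHOLDER>";
    const string GatewayUrl = "https://gateway.example/xmlrpc";

    public static X509Certificate2 LoadUsableClientCert(string thumbprint)
    {
        // LocalMachine\My is shared by all accounts; CurrentUser stores are per-profile.
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so an untrusted chain does not hide the certificate here.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate not in LocalMachine\\My.");
            var cert = found[0];
            // A certificate imported from a .cer/.der file carries no private key.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("No private key: import the .pfx/.p12.");
            try
            {
                // Signing forces the key to be opened, so a missing ACL entry fails here.
                using (RSA rsa = cert.GetRSAPrivateKey())
                {
                    if (rsa == null) throw new InvalidOperationException("Private key is not RSA.");
                    rsa.SignData(new byte[] { 0 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                }
            }
            catch (CryptographicException ex)
            {
                throw new InvalidOperationException("Account '" + Environment.UserName + "' cannot use the private key.", ex);
            }
            return cert;
        }
        finally { store.Close(); }
    }
    static void Main()
    {
        var request = (HttpWebRequest)WebRequest.Create(GatewayUrl);
        request.ClientCertificates.Add(LoadUsableClientCert(Thumbprint));
        Console.WriteLine("Client certificate attached for " + request.RequestUri.Host);
    }
}
```

Running this under the same identity as the IIS application pool shows which of the three conditions fails before any TLS handshake is attempted.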


 