Where did 'My" certificate store go?

Question

Because I'm awesome I'm trying to run the latest WIF demo app using VS2k10 B2 on my 7 boxen... 64bit of course (my neckbeard is strong) I'm having a problem getting it running.

Part of the whole demo thing requires I install some certificates on the local machine. Problem is that they ask me to install some of the website certs into a certificate store called LocalMachine/My. Well, there doesn't appear to be any /My anymore. There appears a suspiciously similar store called Personal, but the app doesn't work if I install the certs there and change the configurations to look in LocalMachine/Personal.

If I install the certs in TrustedPeople (it's mentioned as a valid location by the exception that was thrown when I attempted to use Personal), is that sufficient? Would doing this be considered bad form on a production machine?

---

The Windows Identity Foundation test project can be found at: http://claimsbasedwpf.codeplex.com

The exception:

Property name: 'certificateReference' Error: 'ID1025: Cannot find a unique certificate that matches the criteria. StoreName: 'My' StoreLocation: 'LocalMachine' X509FindType: 'FindBySubjectDistinguishedName' FindValue: 'CN=busta-rpsts.com''

Answer 1

The .NET refers to the stores differently than windows does. Which is a right pain in the butt. When .NET talks about the My store Windows refers to it as the Personal store.

Where you put certs depends on their purpose. The Personal store is for certificates you will use, where you have both the public and private key. The Trusted People store is for certificates where you (normally) only have the public key and want to add an explicit trust for those certificates.

Also remember if you are using a certificate to encrypt your user account must have access to the private key. For certificates installed in LocalMachine/My then administrators will but, for example, NETWORK SERVICE will not. You will need to specifically grant access to the private key.