Hi.

I am just now learning about certificates and how to install them.

I am currently following instructions as to how to design a profiling system that allows me to access profile information via SOAP envelopes. Accordingly, the instructions are asking me to install the aspnet_db and then the following certificates:

  • 1) IPkey.pfx
  • 2) SubjectKey.pfx
  • 3) LocalHost.pfx

I am instructed to use the MMC snap-in to import the above certs to the "Certificates (Local Computer) / Personal" node.

Then, I am told to use the FindPrivateKey executable to add NETWORKSERVICE.

It may seem like a silly question but, where should I be doing this? Since the instructions started out on the DB server, I installed everything there. Is that right? The next section of the instructions is entitled "Setting up an SSL Certificate" (using the localhost cert) and it looks like this is meant for the web server as it talks about IIS.

Thanks.

A: 

It depends on the type and purpose of the certificate.

  • If you've generated a request for an HTTPS certificate from the web server then the corresponding certificate should go there.

  • If you've generated a request for a client certificate then it should be installed on the machine that requested it, into the account that requested it.

  • If it's a root certificate then it should be installed on all machines that need to trust certificates issued by the CA which uses that root certificate.

And that's just the 3 most common scenarios, and even then Windows has various certificate store locations you can put them in. There are numerous other certificate types and uses. You either need to be specific or talk to whoever gave you the certificates.

blowdart
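
As an added example (not part of the original answer or of the asker's instructions), this PowerShell function reads one .pfx file and reports which of the three scenarios above its certificate matches, based on its Basic Constraints and Enhanced Key Usage extensions. The function name `Get-CertPlacementHint` and the path in the usage comment are assumptions; the certificate is only inspected, not imported into any store.

```powershell
# Added example: report which placement scenario a .pfx certificate matches.
# Get-CertPlacementHint is a hypothetical helper name, not a built-in cmdlet.
function Get-CertPlacementHint {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $full = (Resolve-Path -LiteralPath $PfxPath).ProviderPath
    # Loads the certificate into memory only; nothing is added to a certificate store.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                -ArgumentList $full, $Password

    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }

    # OIDs listed in the Enhanced Key Usage extension, if the certificate has one.
    $usages = @()
    if ($eku) { $usages = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    $hints = @()
    # Self-signed certificate marked as a CA: a root certificate.
    if ($bc -and $bc.CertificateAuthority -and ($cert.Subject -eq $cert.Issuer)) {
        $hints += 'Root CA: every machine that must trust certificates it issued'
    }
    if ($usages -contains '1.3.6.1.5.5.7.3.1') {   # id-kp-serverAuth
        $hints += 'Server Authentication: the web server that serves HTTPS'
    }
    if ($usages -contains '1.3.6.1.5.5.7.3.2') {   # id-kp-clientAuth
        $hints += 'Client Authentication: the machine and account that requested it'
    }
    if (-not $eku) {
        # Without an EKU extension the certificate itself does not restrict its purpose.
        $hints += 'No EKU extension: purpose not stated in the certificate; ask the issuer'
    }
    if ($hints.Count -eq 0) { $hints += 'Other usage: ask whoever issued it' }

    [pscustomobject]@{
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        HasPrivateKey    = $cert.HasPrivateKey   # needed to act as a server or client identity
        EnhancedKeyUsage = $usages -join ', '
        PlacementHint    = $hints -join '; '
    }
}

# Usage (path is an assumption):
# Get-CertPlacementHint -PfxPath .\LocalHost.pfx -Password (Read-Host 'PFX password' -AsSecureString)
```
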
Thanks blowdart. I have reposted with more detail. Hopefully that helps?
Code Sherpa
Also, if for some reason what I have posted is equally unhelpful, maybe you could let me know what I need to do to help you help me? Again, I am new to this and appreciate the help.
Code Sherpa
A: 

Given the question, he probably means "ssl certificates", in which case: yes, only on the web server.

egrunin
Actually, X.509 Certificates. It is not completely clear from the instructions but it looks like I am meant to install them on the DB server for access to profile information via WCF calls. Does it sound right to you that these certs should live on the DB server?
Code Sherpa