I am developing a WCF service on my local computer using Visual Studio's built-in ASP.NET development server, and I'm having issues creating and using temporary certificates.

I have created a cert called TempCA and added it to the Trusted Root Certificate folder, and I have created another called SignedByCA which has been added to the Personal folder.

The service config file has been set up to use SignedByCA, but when I run the service I get the following error:

The certificate 'CN=SignedByCA' must have a private key that is capable of key exchange. The process must have access rights for the private key.

I have tried using WinHttpCertCfg.exe to give other users access to the key, but I have since found out that WinHttpCertCfg.exe has been deprecated in Windows Vista.

Has anyone had this issue before in a similar circumstance?

A: 

Try certmgr. But I suppose you used makecert to generate the certificate; you don't need to use WinHttpCertCfg to install it. It should be installed automatically.

Also, if you are hosting the service in IIS, the private key is normally generated in

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

You can try granting read-only permissions on MachineKeys to the user "NETWORK SERVICE" (the user for IIS6).

K2so
Sorry to be a pain, but like I said before, I'm not using IIS to run my service. I'm just running it using the Visual Studio Development Server that runs when you hit debug.
Morgeh
I think it's similar; instead of setting it to the user "NETWORK SERVICE", try granting "EVERYONE" read-only temporarily and see if you can run debug. You won't want to do this in production, of course, for security reasons.
K2so
I seem to be going round in circles with this; somehow, after a reset of my system, the web service can no longer find any certs at all. I just constantly get "Cannot find the X.509 certificate using the following search criteria: StoreName 'AuthRoot', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'CN=SignedByTemp'."
Morgeh
Sorry, ignore "AuthRoot"; that should say "My", but no matter how many times I create and install the certs I get the same message.
Morgeh
Did you use MMC to check whether the certificate is installed properly into your CurrentUser store?
K2so
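The answer and comments above describe the fix in words: find the private key behind the certificate, make sure it is a key-exchange key, and give the hosting identity read access to the key container file instead of relying on the deprecated WinHttpCertCfg.exe. The script below is an added example written for this page, not code from the original post or from any of its participants. It assumes Windows PowerShell 5.1 on Vista or later, a CAPI (CSP) RSA key as makecert produces, that the current user owns the key when it lives in the user store, and the subject name and account used here are placeholder values to be replaced.

```powershell
# Added example, not from the original post. Locates the private key file behind a
# certificate, checks the key is AT_KEYEXCHANGE (what WCF requires), and grants an
# account Read on the key container file. Run from an elevated Windows PowerShell 5.1
# prompt. $Subject and $Account are assumed placeholder values.
param(
    [string]$Subject       = 'CN=SignedByCA',                 # assumption: the cert from the question
    [string]$Account       = 'NT AUTHORITY\NETWORK SERVICE',  # assumption: identity hosting the service
    [string]$StoreLocation = 'CurrentUser'                    # or 'LocalMachine'
)

# 1. Find the certificate in the Personal ("My") store of the chosen location.
$cert = Get-ChildItem "Cert:\$StoreLocation\My" |
    Where-Object { $_.Subject -eq $Subject } |
    Select-Object -First 1
if (-not $cert)               { throw "No certificate with subject '$Subject' in $StoreLocation\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate '$Subject' has no private key associated with it" }

# 2. Get the CSP key container. Accessing .PrivateKey throws for CNG keys on .NET Framework,
#    so catch that and report it rather than crashing.
try   { $csp = $cert.PrivateKey -as [System.Security.Cryptography.RSACryptoServiceProvider] }
catch { throw "Private key is not readable as a CAPI RSA key (CNG key?): $($_.Exception.Message)" }
if (-not $csp) { throw 'Private key is not a CSP RSA key; this script only handles CAPI keys' }
$info = $csp.CspKeyContainerInfo

# 3. WCF needs a key-exchange key. A signature-only key (makecert -sky signature, the default)
#    produces the "must have a private key that is capable of key exchange" error.
if ($info.KeyNumber -ne [System.Security.Cryptography.KeyNumber]::Exchange) {
    throw "Key is of type $($info.KeyNumber), not Exchange; regenerate it with makecert -sky exchange"
}

# 4. The key container is an ordinary file on disk. Machine keys live under ProgramData;
#    user keys live under the owning user's AppData, in a folder named after their SID.
if ($info.MachineKeyStore) {
    $keyDir = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
} else {
    $sid    = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value
    $keyDir = Join-Path $env:APPDATA "Microsoft\Crypto\RSA\$sid"
}
$keyFile = Join-Path $keyDir $info.UniqueKeyContainerName
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key container file not found: $keyFile" }
Write-Host "Key container file: $keyFile"

# 5. Grant Read on that one file only (not the whole MachineKeys folder) to the hosting account.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl
Write-Host "Granted Read on the key container to $Account"

# 6. Show the resulting ACL so the grant can be verified (and later removed if it was temporary).
(Get-Acl -LiteralPath $keyFile).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Two caveats for the scenario in the question. First, the Visual Studio Development Server runs as the logged-in user, so a key in that user's CurrentUser store is already readable by the process; the key-exchange check in step 3 is the more likely culprit for the error quoted in the question, and the ACL grant only matters once another identity (NETWORK SERVICE under IIS, an application pool identity, a Windows service account) hosts the service. Second, granting "Everyone" as suggested in the comments works as a quick test but leaves the private key readable by any local account; prefer granting the single hosting identity, and revoke a temporary grant afterwards with `$acl.RemoveAccessRule($rule)` followed by another `Set-Acl`.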