
IIS7 & X.509 certificates: connecting from asp.net to a web service - where to store certs?


I have to make a connection to an XMLRPC site from a web application, which uses an X.509 certificate for authentication. Here on my development machine (Vista), I have the keys installed under my User and it's in my Personal certificates storage; if I run my code, it works well (loading the key from a file):

 X509Certificate clientcert = new X509Certificate(this.certFile, this.password);
 request.ClientCertificates.Add(clientcert);

But I need to install this application on a Windows 2008 Web Server, and I failed to find out how to make it use this certificate file.

I thought I need to import all corresponding "parent" keys, so I did. I tried importing all of them to the Trusted Root certificates store, but no luck: it still says it's not OK.

Should I use an impersonated account and give it all the certificates? Should IIS7 be configured somehow to work with this user/cert store?


Solution

  • The only solution was to

    1) Import the root key into LOCAL_MACHINE\Root Certificates store

    2) Import the root key into (your user)\Root Certificates store

    3) In the ASP.NET code, use impersonation like:

    <identity impersonate="true" userName="(your user)" password="(your password)" />

    For some reason, even though all of IIS7's processes are running under the NT_AUTHORITY\NETWORK user, installing the certificate to the NETWORK user's store is of no use whatsoever.
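
A diagnostic for the situation in this thread, as an added example that is not part of the original question or answer: called from the web application (so it runs under the same identity, impersonated or not), it loads the same certificate file, builds the chain, and reports whether the top certificate is present in the LocalMachine and CurrentUser Root stores from steps 1 and 2. The class and method names are made up for the example; the file path and password are the values the application already uses.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Text;

static class ClientCertCheck   // hypothetical helper, not part of any library
{
    // True if a certificate with this thumbprint is in the Root store at the given location.
    static bool InRootStore(StoreLocation location, string thumbprint)
    {
        var store = new X509Store(StoreName.Root, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            return store.Certificates
                        .Find(X509FindType.FindByThumbprint, thumbprint, false).Count > 0;
        }
        finally { store.Close(); }
    }

    // Builds a text report the application can write to its log.
    public static string Report(string certFile, string password)
    {
        var sb = new StringBuilder();
        sb.AppendLine("Running as: " + WindowsIdentity.GetCurrent().Name);

        var cert = new X509Certificate2(certFile, password);
        sb.AppendLine("Subject: " + cert.Subject);
        sb.AppendLine("Private key loaded: " + cert.HasPrivateKey);

        var chain = new X509Chain();
        // Skip revocation so the result reflects trust only, not CRL reachability.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        sb.AppendLine("Chain trusted for this identity: " + chain.Build(cert));
        foreach (X509ChainStatus s in chain.ChainStatus)
            sb.AppendLine("  " + s.Status + ": " + s.StatusInformation.Trim());

        if (chain.ChainElements.Count > 0)
        {
            // Last element is the top-most certificate the chain engine could find.
            var top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            sb.AppendLine("Top of chain: " + top.Subject);
            sb.AppendLine("  in LocalMachine\\Root: " + InRootStore(StoreLocation.LocalMachine, top.Thumbprint));
            sb.AppendLine("  in CurrentUser\\Root:  " + InRootStore(StoreLocation.CurrentUser, top.Thumbprint));
        }
        return sb.ToString();
    }
}
```

Comparing the report from the development machine with the one from the server shows which identity the request runs as and which store the root is missing from.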