
X509 Public Cert and Permissions


I’ve got an issue with loading a particular X509 certificate within an ASP.NET application (i.e. not through IIS for https). I’ve loaded it into my ‘Personal’ and ‘Trusted Root’ stores on my local machine (through the MMC snap-in) but can’t load it from either store.

It seems the NETWORK SERVICE account doesn’t have permissions to read/load it because when I change the app pool’s identity to a user with administration rights I can find, load and use the cert.

It’s only a public cert, so unlike a cert with a private key, I can’t see anywhere to set permissions on it.

It’s odd because I haven’t had this problem with public certs in this application previously. The only difference I can see between this public cert and previous public certs (which loaded fine) is that this particular public cert has been signed by Verisign and therefore has a certification chain with a couple of other Verisign certs.

Thanks in advance,
Charles

FYI, my dev environment is just my Vista Business machine with IIS7.


Solution

  • It's been a while, but I seem to recall having had permission-related certificate issues that I solved by importing the cert into a physical store (click the "Show physical stores" check box when installing your certificate).

    Alternatively, you could take a look with FileMon or ProcMon and check for Access Denieds for NETWORK SERVICE. This MSDN page lists the locations of the stores on disk.

    Still remains a vague answer, but hopefully this eventually leads to a solution...
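
A diagnostic for the situation described in this thread, added here as an example and not code from the original posts: it reports which account the lookup runs as and whether the certificate is visible in the Personal and Trusted Root stores of both the machine and the current user. The class name `CertStoreProbe`, the method `Report` and the thumbprint placeholder are assumptions; call `Report()` from a page in the affected application so it runs under the app pool identity.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Text;

public static class CertStoreProbe
{
    // Placeholder: replace with the thumbprint of the certificate being loaded.
    const string Thumbprint = "<THUMBPRINT-OF-YOUR-CERT>";

    public static string Report()
    {
        var sb = new StringBuilder();
        // The account the store lookups actually run as (e.g. NETWORK SERVICE).
        sb.AppendLine("Running as: " + WindowsIdentity.GetCurrent().Name);

        foreach (StoreLocation location in new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser })
        foreach (StoreName name in new[] { StoreName.My, StoreName.Root })
            sb.AppendLine(location + "\\" + name + ": " + Probe(name, location));

        return sb.ToString();
    }

    static string Probe(StoreName name, StoreLocation location)
    {
        var store = new X509Store(name, location);
        try
        {
            // OpenExistingOnly: fail instead of silently creating an empty store.
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // validOnly = false: return the cert even if its chain cannot be
            // validated; with true, such certificates are filtered out.
            X509Certificate2Collection hits =
                store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
            return hits.Count > 0 ? "found (" + hits[0].Subject + ")" : "not present";
        }
        catch (CryptographicException ex)
        {
            // Covers access-denied and missing-store errors for this identity.
            return "failed: " + ex.Message;
        }
        finally
        {
            store.Close();
        }
    }
}
```

Comparing the output under NETWORK SERVICE with the output under the administrator identity shows whether the certificate sits in a per-user store that only the importing account can see.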