Thursday, July 14, 2016

Keyset does not exist

Problem:

I have some code that makes a call to an external web service that is secured using X.509 certification. If I call the service using the application pool set to Local Service, then it executes.

When I set the app pool to use a domain account, domain\svc.account, the web service fails with the error: Keyset does not exist.


Solution:

The certificate is installed correctly, but the domain account needs to be granted permissions to that certificate. This will allow the service account to access the private key attached to the certificate.


  1. Start -> Run -> MMC
  2. File -> Add/Remove Snap-in
  3. Add the Certificates snap-in
  4. Select Computer Account, then hit Next
  5. Select Local Computer (the default), then click Finish
  6. On the left panel from Console Root, navigate to Certificates (Local Computer) -> Personal -> Certificates
  7. Your certificate will most likely be here.
  8. Right click on your certificate -> All Tasks -> Manage Private Keys
  9. Add your service account to the access list. It will need a minimum of read permissions.
  10. It is possible that you may be required to add the local IIS_IUSRS group to the access list. Grant it read permissions.
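The same grant can be scripted instead of clicked through. The PowerShell below is an added example, not part of the original post; it assumes an RSA key held by a software key provider in the machine key store and an elevated session. `Grant-CertPrivateKeyRead` is a hypothetical helper name and the thumbprint is a placeholder.

```powershell
# Added example. Grant-CertPrivateKeyRead is a hypothetical helper name.
# Run from an elevated prompt on the server that hosts the application pool.
function Grant-CertPrivateKeyRead {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $Account
    )
    # Same store as Certificates (Local Computer) -> Personal in the MMC snap-in.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key on this machine."
    }
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($null -eq $rsa) { throw "Certificate $Thumbprint does not use an RSA key." }

    # CNG and legacy CSP keys expose the container file name differently.
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $name = $rsa.Key.UniqueName
    } else {
        $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }
    $root = Join-Path $env:ProgramData 'Microsoft\Crypto'
    $keyFile = 'RSA\MachineKeys', 'Keys' |
        ForEach-Object { Join-Path (Join-Path $root $_) $name } |
        Where-Object { Test-Path -LiteralPath $_ } |
        Select-Object -First 1
    if (-not $keyFile) { throw "Key file '$name' not found under $root." }

    # Read is the minimum the post calls for, so nothing broader is granted.
    $acl  = Get-Acl -Path $keyFile
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl

    # Return the resulting access list so the grant can be reviewed.
    (Get-Acl -Path $keyFile).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

# Placeholder thumbprint; the account name is the one used in the post.
Grant-CertPrivateKeyRead -Thumbprint '<CERT-THUMBPRINT>' -Account 'domain\svc.account'
```

The returned list should show the service account with Read only; any unexpected identity or a FullControl entry on the key file is worth reviewing.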
