With IIS 7.5 (also available for IIS running on Vista and Server 2008 with SP2), we’ve got a “new” security feature called application pool identities. According to the docs, application pool identities “allow you to run app pools under a unique account without having to create and manage domains or local accounts”. So far, everything looks good and this is, indeed, a welcome new feature. Now, my problem was granting access to the private keys of the certificate to that account. Initially, I tried using my beloved winhttpcertcfg tool:
C:\Windows\system32>winhttpcertcfg -g -c LOCAL_MACHINE\My -s mycertificate -a "IIS APPPOOL\ASP.NET v4.0"
The result: “Error: no account information found.” Not good. I know that I could use the good old FindPrivateKey utility, but I thought that there should be an easy way of doing these things. And yes, there is. I’ve stumbled upon an even easier way of granting permissions to a private key (interestingly, available since Windows Vista
Read more: LA.NET [EN]
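For reference, the manual route the post alludes to (locate the key file, then set its ACL) can be scripted as below. This is an added example, not the author's method and not the easier way the post goes on to describe. It assumes Windows PowerShell run elevated, a certificate in LocalMachine\My whose subject contains "mycertificate", an RSA key held by a legacy CSP (not CNG), and an existing app pool named "ASP.NET v4.0".

```powershell
# Added example: grant an application pool identity read-only access to a
# machine certificate's private key. Names below are taken from the command
# in the post; adjust them to your environment.
$subject = 'mycertificate'
$account = 'IIS APPPOOL\ASP.NET v4.0'

# 1. Find the certificate in the LocalMachine\My store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$subject*" -and $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate with a private key matches '$subject'."
}

# 2. Resolve the key container file (what FindPrivateKey reports).
#    Assumption: CSP-backed RSA key. CNG keys live under
#    Microsoft\Crypto\Keys and are not exposed through CspKeyContainerInfo.
$csp = $cert.PrivateKey.CspKeyContainerInfo
if (-not $csp) {
    throw "Private key is not CSP-backed; this script does not handle it."
}
$keyPath = Join-Path $env:ProgramData `
    "Microsoft\Crypto\RSA\MachineKeys\$($csp.UniqueKeyContainerName)"
if (-not (Test-Path -LiteralPath $keyPath)) {
    throw "Key file not found: $keyPath"
}

# 3. Add a Read-only allow rule for the app pool identity. Read is enough
#    for the worker process to use the key; avoid FullControl.
$acl  = Get-Acl -LiteralPath $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyPath -AclObject $acl

# 4. Verify: show only the entries for the app pool identity.
(Get-Acl -LiteralPath $keyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

The `IIS APPPOOL\<name>` account only resolves on the machine where that application pool exists, so run the script on the IIS server itself.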