Certificate is already installed on machine. Now I want to give read permission on PrivateKey of Certificate to application user.
Right-click the certificate, and select All Tasks > Manage Private Keys. Add the NETWORK SERVICE user to the list of groups and user names. Select the NETWORK SERVICE user and grant it Full Control rights. Click OK.
How do I get it? The Private Key is generated with your Certificate Signing Request (CSR). The CSR is submitted to the Certificate Authority right after you activate your Certificate. The Private Key must be kept safe and secret on your server or device because later you'll need it for Certificate installation.
How to change SMB shared folder access permission using PowerShell? We can use the command Grant-SmbShareAccess to change the shared folder access permission or to assign the new user to the shared folder with permission.
Here is the Answer.
Created a powershell script file AddUserToCertificate.ps1
Here is the content for script file.
param( [string]$userName, [string]$permission, [string]$certStoreLocation, [string]$certThumbprint ); # check if certificate is already installed $certificateInstalled = Get-ChildItem cert:$certStoreLocation | Where thumbprint -eq $certThumbprint # download & install only if certificate is not already installed on machine if ($certificateInstalled -eq $null) { $message="Certificate with thumbprint:"+$certThumbprint+" does not exist at "+$certStoreLocation Write-Host $message -ForegroundColor Red exit 1; }else { try { $rule = new-object security.accesscontrol.filesystemaccessrule $userName, $permission, allow $root = "c:\programdata\microsoft\crypto\rsa\machinekeys" $l = ls Cert:$certStoreLocation $l = $l |? {$_.thumbprint -like $certThumbprint} $l |%{ $keyname = $_.privatekey.cspkeycontainerinfo.uniquekeycontainername $p = [io.path]::combine($root, $keyname) if ([io.file]::exists($p)) { $acl = get-acl -path $p $acl.addaccessrule($rule) echo $p set-acl $p $acl } } } catch { Write-Host "Caught an exception:" -ForegroundColor Red Write-Host "$($_.Exception)" -ForegroundColor Red exit 1; } } exit $LASTEXITCODE
Now run it as part of deployment. Example to running above script in powershell console window.
C:\>.\AddUserToCertificate.ps1 -userName testuser1 -permission read -certStoreLocation \LocalMachine\My -certThumbprint 1fb7603985a8a11d3e85abee194697e9784a253
this example give read permission to user testuser1 on certificate that in installed in \LocalMachine\My and has thumb print 1fb7603985a8a11d3e85abee194697e9784a253
If you are using ApplicationPoolIdentity then you username will be 'IIS AppPool\AppPoolNameHere'
Note: You will need to use ' ' as there is a space between IIS and AppPool.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With