I need to give access to the IIS user to a pfx certificate. The website is running under the App Pool under some user AppPoolUser. IIS automatically has the user name "IIS APPPOOL\AppPoolUser" and this is what we need to give access when we use aspnet_regiis -ga.
However, when I use winhttpcertcfg to give access to the user "IIS APPPOOL\AppPoolUser", it says "No account information was found".
The command I use is
winhttpcertcfg -i <filename> -c <certificateLocation> -g -a <account name>
Didn't find any samples for this over the web. Any ideas?
IIS 6 - by default, application pools run under the Network Service account which is a member of IIS_WPG group.
Applying Modify/Write Permissions to the Correct User Account. Under the Security tab, you will see MACHINE_NAME\IIS_IUSRS is listed. This means that IIS automatically has read-only permission on the directory (e.g. to run ASP.Net in the site). You do not need to edit this entry.
I know it's an old question, but I just had the same problem yesterday so I thought I'd answer.
I had the same problem but with a certificate located in the LocalMachine -> TrustedPeople store...
You have to use icacls instead of WinHttpCertCfg, taken from this link.
Basically, it should look like this:
ICACLS <filename> /grant "IIS AppPool\DefaultAppPool":R
For the sake of completion, here is how I needed to do it to access the "Trusted People" store. Taken in part from this link.
Use the FindPrivateKey tool from Microsoft to locate the actual file for the cert in the store. This tool must be compiled from the source code in .\WF_WCF_Samples\WCF\Setup\FindPrivateKey\CS from the Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF) Samples for .NET Framework 4 download.
FindPrivateKey.exe TrustedPeople LocalMachine -t "<thumbprint of the SSL cert>"
Use icacls on the file given by FindPrivateKey.
icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\<path to certificate> /grant "IIS AppPool\<your AppPool name>":R
Voilà!
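The two steps described in the answer above (locate the private key file, then grant read on it) as one script. This is an added example, not part of the original answer: it resolves the key file from the certificate object instead of using FindPrivateKey, and it assumes an RSA key in a LocalMachine store and an elevated PowerShell session. The parameter and function names are illustrative.

```powershell
# Added example: grant an IIS app pool identity read-only access to a
# certificate's private key file. Run from an elevated prompt.
# Assumptions: RSA key, LocalMachine store; names below are illustrative.
param(
    [Parameter(Mandatory)] [string]$Thumbprint,    # thumbprint of the cert
    [Parameter(Mandatory)] [string]$AppPoolName,   # e.g. DefaultAppPool
    [string]$StoreName = 'TrustedPeople'           # store used in the answer
)
$ErrorActionPreference = 'Stop'

function Get-PrivateKeyFile {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($null -eq $rsa) {
        throw "Certificate $($Cert.Thumbprint) has no accessible RSA private key."
    }

    # The on-disk file name is the key's unique container name.
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $name = $rsa.Key.UniqueName
    } else {
        $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }

    # Legacy CSP keys live under RSA\MachineKeys, CNG keys under Keys.
    $dirs = @(
        "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
        "$env:ProgramData\Microsoft\Crypto\Keys"
    )
    foreach ($dir in $dirs) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { return $path }
    }
    throw "Key file '$name' not found in the machine key directories."
}

$cert    = Get-Item -LiteralPath "Cert:\LocalMachine\$StoreName\$Thumbprint"
$keyFile = Get-PrivateKeyFile -Cert $cert

# Read (R) only: the worker process needs to use the key, not modify the file.
& icacls.exe $keyFile /grant "IIS AppPool\${AppPoolName}:R"
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Show the resulting ACL so the new entry can be reviewed.
& icacls.exe $keyFile
```

Checking both key directories matters because a certificate imported with a CNG provider does not place its key under RSA\MachineKeys, the path shown in the answer.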