Use server-side certificate from Smart Card in IIS

I have a Smart Card (actually a USB dongle, called a Feitian ePass2003) with a certificate and its accompanying private key on it, and I want to use this certificate to serve my SSL site in IIS.

To me, this seems like a good idea, because I am protecting my private key by keeping it off the PC, so if the machine is compromised the key (and hence the certificate) will still be safe. It also seems better than the alternative of using a passphrase, because I would not need to re-enter the passphrase at every server restart. So, I would guess many people running web servers would like to do this.

If that is true, why is it that I cannot seem to make IIS able to do this? It will not see the certificate, unless I copy it to the "Local Machine" certificate store using the MMC "Certificates" snap-in, but when I try to use it then I get the error "A specified logon session does not exist. It may already have been terminated (Exception from HRESULT 0x80070520)."

Lots of Googling only turns up results related to client certificates, which is not what I'm after.

Can IIS not do this? Am I silly to want this in the first place?

iis
iis-7
ssl-certificate
smartcard
asked on Server Fault May 22, 2013 by rix0rrr

0 Answers

Nobody has answered this question yet.