winhttpcertcfg: Granting certificates for Windows service user

5

I'm stuck with granting client certificates in Windows Server 2003 with winhttpcertcfg :(

My cert is correctly installed in LOCAL_MACHINE\My keystore and I granted it with winhttpcertcfg.exe. So everything looks good to me:

WinHttpCertCfg.exe -l -c LOCAL_MACHINE\MY -s "MY_CERT"

Additional accounts and groups with access to the private key include:

NT AUTHORITY\SYSTEM

BUILTIN\Administrators

But when I try to access MY_CERT in a Windows service which is logged on as the Local System account, I get the following exception:

System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

Log-Details:

System.Net Information: 0 : [0600] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)

System.Net Error: 0 : [0600] AcquireCredentialsHandle() failed with error 0X8009030D.

System.Net.Sockets Verbose: 0 : [0600] Socket#21936442::Dispose()

System.Net Error: 0 : [0600] Exception in the HttpWebRequest#24862511:: - The request was aborted: Could not create SSL/TLS secure channel.

System.Net Error: 0 : [0600] Exception in the HttpWebRequest#24862511::EndGetResponse - The request was aborted: Could not create SSL/TLS secure channel.

Everything works fine if the Windows service is logged on as another user. What's the problem with the Local System account accessing the keystore?

Any suggestions?

.net
ssl
windows-server-2003
x509certificate
asked on Stack Overflow Aug 25, 2011 by mjunge

0 Answers

Nobody has answered this question yet.
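
A diagnostic for the situation in the question, added here as an example and not part of the original post: error 0X8009030D is SEC_E_UNKNOWN_CREDENTIALS, so this program checks whether the account it runs under can actually open the private key of the certificate in LOCAL_MACHINE\MY and prints the key container ACL. It assumes an RSA key held in a CryptoAPI CSP and the subject string "MY_CERT" from the question; the class name is hypothetical.

```csharp
// Added diagnostic, not from the original post. Run it under the same account
// as the failing service, otherwise the result says nothing about that account.
using System;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class CertKeyCheck   // hypothetical name
{
    static int Main(string[] args)
    {
        // "MY_CERT" is the subject string used in the question; override with args[0].
        string subject = args.Length > 0 ? args[0] : "MY_CERT";
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);

        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindBySubjectName, subject, false);
            if (found.Count == 0) { Console.WriteLine("No certificate matches."); return 2; }

            int failures = 0;
            foreach (X509Certificate2 cert in found)
            {
                Console.WriteLine("{0} (thumbprint {1}) HasPrivateKey={2}",
                    cert.Subject, cert.Thumbprint, cert.HasPrivateKey);
                if (!cert.HasPrivateKey) { failures++; continue; }
                try
                {
                    // Opening the key fails here when the account cannot read the container.
                    RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
                    if (rsa == null) { Console.WriteLine("  key is not an RSA CSP key"); continue; }
                    CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
                    Console.WriteLine("  container={0} machineStore={1}",
                        info.UniqueKeyContainerName, info.MachineKeyStore);
                    // Container ACL: who is allowed or denied which rights on the key.
                    foreach (CryptoKeyAccessRule rule in
                             info.CryptoKeySecurity.GetAccessRules(true, true, typeof(NTAccount)))
                        Console.WriteLine("  {0}: {1} {2}",
                            rule.IdentityReference, rule.AccessControlType, rule.CryptoKeyRights);
                }
                catch (CryptographicException ex)
                {
                    failures++;
                    Console.WriteLine("  private key not usable: " + ex.Message);
                }
            }
            return failures == 0 ? 0 : 1;   // non-zero when any key could not be opened
        }
        finally { store.Close(); }
    }
}
```

Comparing the output from the working account with the output from the Local System account shows whether the two resolve the same key container and whether the ACL on it matches what WinHttpCertCfg.exe -l reports.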


User contributions licensed under CC BY-SA 3.0