Access certificate's private key in windows se

Published 2019-08-24 02:46

Question:

After everything was running smoothly in my earlier deployment environments, I've moved my site onto a Server 2008 R2 box...

I have a Silverlight-enabled WCF service (in IIS) which calls another external service, but my WCF service is unable to find the certificate that it needs to access the external service.

It is likely that certificate CN=blahblah.com, OID.1.2.840.113549.1.9.2=MyName, OU=MyCompany, O=Provider Group may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail.

My web site (and its WCF service) are running under a custom app pool and I've added that app pool account to have access to the certificate. I've verified this account has access via the -l switch of the winhttpcertcfg.exe tool.

The certificate is in the Local Machine - Personal (My), and my web.config file matches this:

<clientCertificate findValue="blahblah.com" storeLocation="LocalMachine"
                   storeName="My" x509FindType="FindBySubjectName" />

I also played with the FindPrivateKey.exe tool to discover the file path of the private key (which was D:\Users\myaccountname\AppData\Roaming\Microsoft\Crypto\RSA), and I gave "Everyone" permissions on this path, but still no luck.

Using ProcMon, I can see that the folder D:\Users\theApplicationPoolAccount\AppData\Roaming\Microsoft\Crypto\RSA\ is being queried when I call my service, so it is looking in the current user's store (this is odd), as my web.config above clearly specifies to look for the cert in LocalMachine\My...

When I did install the certificate, initially it went into the CurrentUser\My store (I wasn't given the option to install to LocalMachine\My), but I was then able to drag the cert into the LocalMachine\My store.

Has anyone had any luck reading private keys of certificates in Windows Server 2008?
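The symptoms above (the store entry is in LocalMachine\My, yet the process probes a user profile under AppData\Roaming\Microsoft\Crypto\RSA) are what you see when the key container was created as a user key and only the certificate half was moved between stores. The following PowerShell diagnostic is an added example, not code from the question or from a Microsoft tool: it performs the same FindBySubjectName lookup the web.config does, resolves the certificate to the file that actually holds its private key (CSP keys under ProgramData\Microsoft\Crypto\RSA\MachineKeys, CNG keys under ProgramData\Microsoft\Crypto\Keys, or a user profile if the key is user-scoped), and reports whether a given identity has a Read ACE on that file. The app pool identity `IIS AppPool\MyAppPool` is an assumed placeholder; it assumes Windows PowerShell 5.1 (.NET 4.6 or later) in an elevated session.

```powershell
# Added diagnostic (not from the original question): locate the client certificate,
# find its private key file on disk, and check the app pool identity's read access.
param(
    [string] $SubjectName = 'blahblah.com',          # findValue from the web.config
    [string] $Identity    = 'IIS AppPool\MyAppPool'  # ASSUMED app pool identity; substitute yours
)

function Find-ClientCert {
    param([string] $Subject)
    # Same lookup the web.config performs: FindBySubjectName in LocalMachine\My
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*CN=$Subject*" } |
        Select-Object -First 1
}

function Get-PrivateKeyFile {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert)
    $name = $null; $expected = $null
    $csp = $Cert.PrivateKey   # non-null only for legacy CSP (CAPI) keys
    if ($csp -and $csp.CspKeyContainerInfo) {
        $name     = $csp.CspKeyContainerInfo.UniqueKeyContainerName
        $expected = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $name
    } else {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($rsa -is [System.Security.Cryptography.RSACng]) {
            $name     = $rsa.Key.UniqueName
            $expected = Join-Path "$env:ProgramData\Microsoft\Crypto\Keys" $name
        }
    }
    if (-not $name) { return $null }
    if (Test-Path -LiteralPath $expected) { return $expected }
    # Not in the machine key folder: the key may sit in a user profile
    # (...\AppData\Roaming\Microsoft\Crypto\RSA\<SID>\), which is exactly what the
    # ProcMon trace in the question shows. Search for the container by its unique name.
    Get-ChildItem -Path "$env:SystemDrive\Users", "$env:ProgramData\Microsoft\Crypto" `
        -Recurse -Force -Filter $name -ErrorAction SilentlyContinue |
        Select-Object -First 1 -ExpandProperty FullName
}

$cert = Find-ClientCert -Subject $SubjectName
if (-not $cert) { throw "No certificate with CN=$SubjectName in LocalMachine\My." }
"Certificate   : $($cert.Subject)"
"Thumbprint    : $($cert.Thumbprint)"
"HasPrivateKey : $($cert.HasPrivateKey)"
if (-not $cert.HasPrivateKey) {
    throw "The store entry carries no private key; import the PFX (with its key) into LocalMachine\My."
}

$keyFile = Get-PrivateKeyFile -Cert $cert
if (-not $keyFile) { throw "Could not resolve the private key container file." }
"Key file      : $keyFile"
if ($keyFile -like "*\Users\*") {
    Write-Warning ("The key is stored under a user profile, i.e. it was imported as a user key. " +
        "Re-import the PFX directly into the Computer account's Personal store " +
        "(certutil -importpfx, or the Certificates MMC snap-in for the Computer account) " +
        "so the key container is machine-scoped.")
}

# Direct ACEs only: access inherited via group membership (e.g. IIS_IUSRS) is not resolved here.
$acl       = Get-Acl -LiteralPath $keyFile
$readRight = [System.Security.AccessControl.FileSystemRights]::Read
"ACL entries on the key file:"
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize | Out-String
$canRead = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -eq $Identity -and
    (($_.FileSystemRights -band $readRight) -eq $readRight)
}
if ($canRead) {
    "$Identity has read access to the key file."
} else {
    Write-Warning "$Identity has no Read ACE on the key file. Least-privilege grant (read only, this identity only):"
    "  icacls `"$keyFile`" /grant `"${Identity}:R`""
}
```

Run it as `.\Check-CertKeyAccess.ps1 -SubjectName blahblah.com -Identity 'IIS AppPool\<your pool>'` from an elevated prompt. The two findings it separates are the ones that matter for this error: a key file under a user profile means the key itself must be re-imported machine-scoped (granting Everyone on the profile folder, as tried in the question, does not change which key store the IIS worker opens), whereas a key file already in MachineKeys with no ACE for the pool identity only needs a read grant to that single identity rather than to Everyone.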