Install Certificate in IIS CurrentUser/Personal St

Published 2019-07-16 04:09

We are hosting some websites on azure and some on a vm in azure. We want to reuse as much code as possible. In azure application services (websites) the installed certificates can be found in the CurrentUser/Personal store using this snippet:

using System.Security.Cryptography.X509Certificates;

// Open the Personal ("My") store of the current user and look up one certificate by thumbprint.
using (var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
    certStore.Open(OpenFlags.ReadOnly);
    var certCollection =
        certStore.Certificates.Find(
            X509FindType.FindByThumbprint,
            thumbprint,
            false); // validOnly: false also returns expired or untrusted certificates
}

I want to use the exact same snippet on IIS as well. The application pool identity is set to ApplicationPoolIdentity. I already tried to install the certificate in various places but I am not able to retrieve the desired certificate ... I have also tried to install the certificate in the LocalComputer/Personal store and grant permissions to the private key

Which Identity shall I use in the MMC Snap-In? I cannot find the ApplicationPoolIdentity user account there. There is only an Application Identity account which does not solve my issue ...

Tags: azure ssl iis
2 answers
一夜七次
#2 · 2019-07-16 04:35

For the time being I am creating a new user, adding the certificate to the users My store and using that user as app pool identity. Still, other solutions are very welcome!

来,给爷笑一个
#3 · 2019-07-16 04:48

If you wanted to use the Local Computer store instead of the personal store of a named user, you would need to use StoreLocation.LocalMachine in your call to the X509Store constructor; the enum consists of two values, and in your code above you're using the other, CurrentUser. If you are using the certificate's private key, the IIS AppUser\ApplicationPoolIdentity user would need access to the relevant certificates in the Local Computer store; this can be granted by adding the DefaultAppPool user to the allowed users in the relevant certificate's private key permissions dialog. This is accessible from the certificate's context menu, under All Tasks and then Manage Private Keys.

I am not currently sure if it is possible to install certificates for the ApplicationPoolIdentity user, I'm currently trying to find the answer to this myself. According to Microsoft's IIS documentation the ApplicationPoolIdentity account is a virtual account created for the life of the pool, so I am starting to conclude it may not be possible to use the CurrentUser store for this type of user. If I find out definitively I will come back and update my answer.
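As an added example (not code from the question or either answer), the following helper lets the same lookup serve both hosting models: it tries CurrentUser\My first (Azure App Service) and falls back to LocalMachine\My (IIS on the VM), and then checks whether the private key can actually be opened, which is what fails when the app pool identity has not been granted Read on the key. The class and method names are my own; it assumes .NET Framework 4.6+ or .NET Core, and the account name to grant is "IIS AppPool\<pool name>" (for the default pool, IIS AppPool\DefaultAppPool).

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class CertificateLocator
{
    // Search CurrentUser\My (Azure App Service) and then LocalMachine\My (IIS on a VM).
    // Returns null when no store contains the thumbprint.
    public static X509Certificate2 FindByThumbprint(string thumbprint, bool validOnly = true)
    {
        // Thumbprints pasted from MMC often carry spaces or an invisible leading character,
        // which makes Find() silently return nothing; keep only the hex digits.
        var cleaned = new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
        if (cleaned.Length != 40)
            throw new ArgumentException("Expected a 40 hex digit SHA-1 thumbprint.", nameof(thumbprint));

        foreach (var location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            using (var store = new X509Store(StoreName.My, location))
            {
                try { store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); }
                catch (CryptographicException) { continue; } // store absent for this identity

                var matches = store.Certificates.Find(X509FindType.FindByThumbprint, cleaned, validOnly);
                if (matches.Count > 0) return matches[0];
            }
        }
        return null;
    }

    // Distinguish "certificate found" from "private key usable by this process".
    // A certificate in LocalMachine\My is visible to everyone, but opening its key fails with
    // CryptographicException until the pool identity (IIS AppPool\<pool name>) has Read on the key
    // (certificate context menu > All Tasks > Manage Private Keys).
    public static bool PrivateKeyUsable(X509Certificate2 cert, out string reason)
    {
        reason = null;
        if (cert == null) { reason = "certificate not found in CurrentUser\\My or LocalMachine\\My"; return false; }
        if (!cert.HasPrivateKey) { reason = "certificate was imported without its private key"; return false; }
        try
        {
            using (var rsa = cert.GetRSAPrivateKey()) { return rsa != null; }
        }
        catch (CryptographicException ex)
        {
            reason = "private key exists but cannot be opened by this identity: " + ex.Message;
            return false;
        }
    }
}
```

Call FindByThumbprint with validOnly set to false only while diagnosing, since it also returns expired or untrusted certificates.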
