Problem description:

I have been digging through the site for 3 days now and have found lots of solutions for local imports, but not this issue with remote importing of an X509Certificate2 object.

Using the following code, I can get the .pfx file to import and say that it has a private key, but it will not mark it as exportable.

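    using System.Security.Cryptography.X509Certificates;

    // Load the .pfx, requesting a persisted, exportable machine-level key.
    var cert = new X509Certificate2(certPath,
                                    certPwd,
                                    X509KeyStorageFlags.MachineKeySet |
                                    X509KeyStorageFlags.PersistKeySet |
                                    X509KeyStorageFlags.Exportable);

    // Open the "My" store on the remote server and add the certificate.
    var certStore = new X509Store($@"\\{server}\My", StoreLocation.LocalMachine);
    certStore.Open(OpenFlags.ReadWrite);
    certStore.Add(cert);
    certStore.Close();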

It connects to the remote server, it installs the certificate, but then because it is not exportable, we cannot bind the certificate in IIS.

I have tried using X509Chain and X509Collection as well, but these again import the certificate, but make it non-exportable.

I'm beating my head against the desk here. Can anyone give me some pointers on this?

The servers are all Win2k8 or higher (most are 2012).

---edit below---

Some extra clarification.

  • I created a Rest API that attempts to do the actual installation of the cert on the remote server.

  • The Application Pool identity is in the administrator group on the server on which I am trying to install the cert.

  • I wrote a tool today using Win32 APIs to do the installation and the tool worked. When I added the code to the Rest API, the cert is still not bindable to IIS https sites.

I am leaning towards this being a User Context issue.

---end edits---

Thanks!

-Ed
