IT:AD:Certificates:HowTo:Manage Private Key Access

Summary

If you have installed a *.pfx (private key + certified public key), e.g. for encryption or SSL, access to the Private Key is guarded by the Certificate Store.

Since your app will need to use the Private Key to encrypt outgoing messages, which recipients can then decrypt using the (certified) public key, access must first be granted to your application's (AppPool) identity.

Use MMC to get to your Personal store, where your cert is located (we're not interested at this point in the Root store where the backing CA is located).

Once you have the store open, ensure your certificate is showing the little key icon (indicating it has a Private Key), then right-click it and select All Tasks, then Manage Private Keys:

and give permissions to the identity backing your web application:
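
The same grant can be scripted. The following is an added example, not part of the original page: it finds the certificate's private key file and gives the application pool identity Read access only, which is enough to use the key. The thumbprint placeholder, the app pool name `MyAppPool`, and the assumption that the certificate has an RSA key in the local computer's Personal store are all assumptions.

```powershell
# Run from an elevated PowerShell session.
# Assumed values (not from the original page): replace both before running.
$thumbprint = '<CERT-THUMBPRINT>'        # placeholder, take it from the certificate's details
$identity   = 'IIS AppPool\MyAppPool'    # hypothetical application pool identity

# Personal store of the local computer (assumed location of the imported .pfx).
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key in this store."
}

# Resolve the name of the key container file (RSA keys only).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa) { throw 'No RSA private key is associated with this certificate.' }
$keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $rsa.Key.UniqueName
} else {
    $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# Machine keys are stored in one of two folders, depending on the key provider (CAPI or CNG).
$keyFile = @(
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
    "$env:ProgramData\Microsoft\Crypto\Keys"
) | ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Key file '$keyName' not found in the machine key folders." }

# Grant Read only: the identity can use the key but cannot change its permissions or delete it.
$acl  = Get-Acl -Path $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# Review the resulting permissions; remove any identity that no longer needs the key.
(Get-Acl -Path $keyFile).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

Keys held on a smart card or HSM have no file in these folders, so the script stops at the "not found" check for them.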

  • Last modified: 2023/11/04 03:38