
IT:AD:IIS:HowTo:Provide Cert Access to AppPool Identity

It's a bit trickier than it at first appears…

  • Use MMC with the Certificates snap-in (rather than just CertMgr.msc, which covers the Current User store only).
  • Right-click the cert and give Private Key access to the identity the AppPool currently runs as.
    • If it is ApplicationPoolIdentity, you have to give access to an identity that is not visible in the local user list, but has the format `IIS APPPOOL\{MyAppPoolName}` (as described here: ApplicationPoolIdentity).
    • Important: this identity is only a sort of half identity. You will get security errors unless you go back to the AppPool's advanced identity settings and enable Load User Profile.
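
The same two steps scripted, as an added example that is not part of the original page. The function name `Grant-AppPoolCertAccess` and its parameters are hypothetical; it assumes an RSA key held by a software key provider, a certificate in `LocalMachine\My`, and an elevated PowerShell session with the WebAdministration module installed.

```powershell
#Requires -RunAsAdministrator
# Added example: Grant-AppPoolCertAccess and its parameters are illustrative names.
# Assumes an RSA private key in a software provider and a cert in LocalMachine\My.
function Grant-AppPoolCertAccess {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,   # thumbprint of the certificate
        [Parameter(Mandatory)] [string] $AppPoolName   # e.g. MyAppPoolName
    )
    Import-Module WebAdministration

    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key." }

    # Resolve the on-disk name of the key container (CNG or legacy CSP).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    $keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $rsa.Key.UniqueName
    } else {
        $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }

    # Machine-wide software keys are stored in one of these two folders.
    $keyFile = @(
        "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyName",
        "$env:ProgramData\Microsoft\Crypto\Keys\$keyName"
    ) | Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $keyFile) { throw "Key file '$keyName' not found in the machine key folders." }

    # Grant Read only: the AppPool needs to use the key, not manage or delete it.
    $identity = "IIS APPPOOL\$AppPoolName"
    $acl  = Get-Acl -Path $keyFile
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl

    # Without a loaded profile the virtual account hits security errors on key use.
    Set-ItemProperty -Path "IIS:\AppPools\$AppPoolName" -Name processModel.loadUserProfile -Value $true

    # Return the resulting ACL entries for the identity so the grant can be reviewed.
    (Get-Acl -Path $keyFile).Access |
        Where-Object { $_.IdentityReference.Value -eq $identity } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}
```

Granting `Read` rather than Full Control keeps the AppPool identity from changing or deleting the key; recycle the AppPool afterwards so the Load User Profile change takes effect.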
  • Last modified: 2023/11/04 01:45