To use signed requests in .NET apps hosted on a legacy Windows Server, you need to add the certificate's private key to the Local Machine Key Store so that your .NET application can access it.
Follow these steps to add the private key and grant access to it:
A] There are two ways to add a certificate private key to Local Machine KeyStore:
- Using the Certificate Wizard tool:
  - Double-click your .PFX file to open the certificate wizard tool, select “Local Machine” as your store location, and click “Next”.
  - Check the path of the .pfx file currently selected in the certificate import wizard, then click “Next”.
  - Enter your .PFX password, if you have set one, and click “Next”.
  - Click on “Place all certificates in the following store” and then on “Browse”.
  - Select the “Trusted Root Certification Authorities” folder.
  - After a successful import, you will see a dialog box with the message “The import was successful.” Click “OK”.
- Using Microsoft Management Console:
  - Run “mmc”, then click “File” ==> “Add/Remove Snap-In”.
  - Select “Certificates” and click “Add”, then select “Computer Account” and then “Local Computer”.
  - Click on Certificates ==> Trusted Root Certification Authorities ==> Certificates ==> All Tasks ==> Import, and import your certificate.
B] Give permissions to your Local Machine Keys:
- Go to the following path: “C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys” and update the permissions of “IIS_IUSRS” to “Read”, “Write”, and “Read & Execute”.
- If no user named “IIS_IUSRS” is found, add a user with the name “IIS_IUSRS” and give it the specified permissions.
- If there isn’t a machine key, judging by the last modified date, copy the MachineKey:
  - From: “C:\Documents and Settings\All Users\ApplicationData\Microsoft\Crypto\RSA\MachineKeys”
  - To: “C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys”
C] Now, instead of loading certificates from the mo_cert folder, we will pick the certificate from the Local Machine KeyStore from within the module. So, once you have completed the above steps, please let us know and we will provide you with the updated module.
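To confirm steps A and B before requesting the updated module, the following check can be run in an elevated Windows PowerShell session. It is an added example, not part of the original guide or the module. The thumbprint is a placeholder you must replace, and the script assumes a CSP-backed RSA key, which is the kind stored in the MachineKeys folder.

```powershell
# Added example: checks the result of steps A and B. Run in an elevated Windows PowerShell.
# ASSUMPTION: $Thumbprint is a placeholder; use the thumbprint of the certificate you imported.
$Thumbprint  = '<YOUR-CERTIFICATE-THUMBPRINT>'
$StorePath   = 'Cert:\LocalMachine\Root'   # Local Machine > Trusted Root Certification Authorities
$MachineKeys = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
$Account     = 'IIS_IUSRS'

# Step A: the certificate must be in the Local Machine store and carry its private key.
$cert = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    Write-Error "No certificate with thumbprint $Thumbprint in $StorePath."
    return
}
if (-not $cert.HasPrivateKey) {
    Write-Error 'Certificate was imported without its private key; re-import the .PFX.'
    return
}

# ASSUMPTION: the key is a CSP-backed RSA key, which is what the MachineKeys folder stores.
# For such keys the container's unique name is the file name inside MachineKeys.
try {
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
} catch {
    $container = $null
}
if (-not $container) {
    Write-Error 'Private key is not readable as a CSP key (CNG key or access denied).'
    return
}
$keyFile = Join-Path -Path $MachineKeys -ChildPath $container
if (-not (Test-Path -LiteralPath $keyFile)) {
    Write-Error "Key file $keyFile not found."
    return
}

# Step B: list what IIS_IUSRS is allowed on the folder and on this certificate's key file.
foreach ($path in $MachineKeys, $keyFile) {
    $rules = (Get-Acl -LiteralPath $path).Access |
        Where-Object { $_.IdentityReference.Value -like "*\$Account" }
    if ($rules) {
        $rules | Select-Object @{n='Path';e={$path}}, AccessControlType, FileSystemRights
    } else {
        Write-Warning "$Account has no explicit or inherited entry on $path"
    }
}
```

The key file's own access entries are what determine whether the IIS worker process can open the private key, so compare both rows of output against the permissions listed in step B.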
If you continue to experience problems despite all of this, please feel free to contact us at aspnetsupport@xecurify.com.