# Import your X.509 certificate (use MMC) to Certificates (Local Computer)\Peronal\Certificates
# Give access rights to ASP.NET account (accout that are used from your IIS application pool
# (Authentication\Anonimous Authentication -> Edit))
C:\Program Files (x86)\Windows Resource Kits\Tools>WinHttpCertCfg.exe -g -c LOCA
L_MACHINE\MY -s "WS13990000003._.1" -a "IUSR"
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.
Matching certificate:
CN=WS13990000003._.1
OU=.
O=AIBMS External Test Account 2
L=" "
C=" "
Private key access has already been granted for account:
NT AUTHORITY\IUSR
# Use FindPrivateKey to find your certificate location by thumbprint (from MMC double click the certificate and in tab Details copy Thumbprint)
C:\Temp\wcf\WF_WCF_Samples\WCF\Setup\FindPrivateKey\CS\bin>FindPrivateKey.exe My
LocalMachine -t "42 83 4d 43 0d b0 90 5e 4b 63 3d b3 02 ef 56 11 51 ae 6a 75"
Private key directory:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
Private key file name:
4026d61bdce9dbe86f53968965e97fca_2682182a-1e07-4636-b888-506afe873fed
# Use icacls to give rights to private key file to your application pool account (or everyone)
C:\Tools>icacls "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4026d61bdce9dbe
86f53968965e97fca_2682182a-1e07-4636-b888-506afe873fed" /grant:r "Everyone":F
processed file: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4026d61bdce9dbe8
6f53968965e97fca_2682182a-1e07-4636-b888-506afe873fed
Successfully processed 1 files; Failed processing 0 files