Client Certs and Windows Server 2008

I just spent a while tracking down a cert problem while migrating an app to IIS7 on Windows Server 2008.

This app taps into a web service using a client cert. I finally tracked the problem down to a permissions issue with the private key on the client certificate. On Server 2003 and earlier these permissions are managed with the winhttpcertcfg.exe tool, but that’s not available on Server 2008 (or at least not supported, as far as I can tell). Turns out it’s actually pretty simple, though. See screenshot below:

[Screenshot: Windows Server 2008 Client Cert]

Yeah…just a simple right-click on the cert in the certificates snap-in. Also, for getting SSL traces, this blog had a good system.diagnostics section:

http://blogs.msdn.com/asiatech/archive/2009/04/08/using-system-net-trace-to-troubleshooting-ssl-problem-in-net-2-0-application.aspx

The Microsoft documentation, as usual, was lacking, and most of the examples I tried didn’t seem to actually output the trace to a file (at least not where I expected to find it).
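The private-key permission change described above can also be scripted, which helps when the same cert has to be set up on several servers. This is an added example, not part of the original post. It assumes the client cert lives in the LocalMachine\My store with a CAPI (CSP) key, and the thumbprint and account name are placeholders to replace. It grants Read only, which is all a client needs to present the cert.

```powershell
# Added example. Assumptions (not from the original post):
#   - the client cert is in the LocalMachine\My store
#   - its private key is a CAPI/CSP key stored under ...\Crypto\RSA\MachineKeys
#   - $Thumbprint and $Account below are placeholders
$Thumbprint = 'REPLACE-WITH-CERT-THUMBPRINT'
$Account    = 'NT AUTHORITY\NETWORK SERVICE'   # assumed app pool identity

# Locate the certificate and make sure it actually carries a private key.
$cert = Get-ChildItem 'Cert:\LocalMachine\My' |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert)               { throw "Certificate $Thumbprint not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key on this machine" }

# Resolve the key container to its file on disk. CNG keys do not expose
# CspKeyContainerInfo this way, so stop rather than guess at a path.
$keyInfo = $cert.PrivateKey.CspKeyContainerInfo
if (-not $keyInfo) { throw "Private key is not a CSP key; this script does not handle it" }
$keyPath = Join-Path $env:ALLUSERSPROFILE `
           ("Microsoft\Crypto\RSA\MachineKeys\" + $keyInfo.UniqueKeyContainerName)
if (-not (Test-Path $keyPath)) { throw "Key file not found: $keyPath" }

# Add a Read-only allow rule for the account; existing ACL entries are kept.
$acl  = Get-Acl -Path $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# Show the resulting ACL so the change can be reviewed.
(Get-Acl -Path $keyPath).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Run it from an elevated prompt, and check the final table for accounts that have more access to the key than they need.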

keywords: server 2008 client cert certificate permissions winhttpcfg