winhttpcertcfg giving access to IIS user in Windows 7

Question

I need to give access to the IIS user to a pfx certificate. The website is running under the App Pool under some user AppPoolUser. IIS automatically has the user name \"IIS

Answer 1

I know it's an old question, but I just had the same problem yesterday so I though I'd answer.

I had the same problem but with a certificate located in the LocalMachine -> TrustedPeople store...

You have to use icacls instead of WinHttpCertCfg, taken from this link.

Basically, it should look like this:

ICACLS  /grant "IIS AppPool\DefaultAppPool":R

For the sake of completion, here how I needed to do it to access the "Trusted People" store. Taken in part from this link.

1. Use the FindPrivateKey tool from Microsoft to locate the actual file for the cert in the store. This tool must be compiled from the source code in .\WF_WCF_Samples\WCF\Setup\FindPrivateKey\CS from the Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF) Samples for .NET Framework 4 download.

   FindPrivateKey.exe TrustedPeople LocalMachine -t ""
   

2. Use icacls on the file given by FindPrivateKey.

   icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ /grant "IIS AppPool\":R
   

Voilà!