Give permissions to the ASP.NET account

The account that runs the ASP.NET process must be given permission to use the PKCS12-format key that was imported to the local machine store.

The name of the the ASP.NET account is typically "NETWORK SERVICE" (although it may use another name on your system).

To assign the permissions, you must first download and install the Microsoft Windows HTTP Services Certificate Configuration Tool, which is available at the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?familyid=c42e27ac-3409-40e9-8667-c748e422833f

The tool installs to the C:\Program Files\Windows Resource Kits\Tools directory by default; winhttpcertcfg.exe is the name of the executable.

To run the tool, open a command prompt, navigate to the tool’s installation directory, and issue this command:

WinHttpCertCfg -g -c LOCAL_MACHINE\MY -s "Endeca" -a "NETWORK SERVICE"

If the command is successful, you should see output like this:

Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Matching certificate:
E=support@endeca.com
CN=Endeca User
O=Endeca Technologies
C=US

Granting private key access for account:
   NT AUTHORITY\NETWORK SERVICE