IIS 7 and Above
Application pool identity and certificate issue
Last post Feb 20, 2019 07:22 AM by Jalpa Panchal
Feb 12, 2019 05:20 PM|barcode2328
Hopefully this is posted in the right spot. We are having trouble with a 2-way SSL setup with our customer. We pinned the problem down to our application pool user and the certificate on our end. So here's the issue: from the tracing our customer and we did, we found out that the 2-way SSL process we have set up works up to the point at the end where we have to send our cert over to them. That's the problem: it is not sending our cert over to them. All of our application pools use a domain service account to talk back to our SQL backend. This is how we had it set up during testing. We decided to remove that domain user and just use Local System as the user for it, and it was then able to complete the 2-way SSL process successfully. The only issue is that now it couldn't talk to the SQL backend because we removed that user.
So my issue is how to retain that domain service user and have it pass on the cert stuff the other side needs. What I have tried to fix this issue is two things. First, I logged on with the domain service account user and installed the cert under it (I also made that service user a local admin on the machine). I also tried to take our cert under the computer account and gave full control security permissions to the domain service account, IIS_IUSRS, and even Everyone, by changing "Manage Private Keys" for it. Both of these attempts did not fix the issue.
So how can I get our domain service account to grab this cert and send it over to the client? Any help would be much appreciated.
Feb 20, 2019 07:22 AM|Jalpa Panchal
Could you explain how you configured two-way SSL and what your actual requirement is?