
Application pool identity and certificate issue

1 reply

Last post Feb 20, 2019 07:22 AM by Jalpa Panchal

  • Application pool identity and certificate issue

    Feb 12, 2019 05:20 PM|barcode2328|LINK

    Hello,

    Hopefully this is posted in the right spot. We are having trouble with a 2-way SSL setup with our customer. We pinned the problem down to our application pool user and the certificate on our end. So here's the issue: from the tracing our customer and we did, we found out that the 2-way SSL process we have set up works up to the point at the end where we have to send our cert over to them. That's the problem: it is not sending our cert over to them. All of our application pools use a domain service account to talk back to our SQL backend. This is how we had it set up during testing. We decided to remove that domain user and just use Local System as the user for it, and it was then able to complete the 2-way SSL process successfully. The only issue is that now it couldn't talk to the SQL backend because we removed that user.

    So my issue is how to retain that domain service user and have it pass on the cert stuff the other side needs. What I have tried to fix this issue is two things. First, I logged on with the domain service account user and installed the cert under it (I also made that service user a local admin on the machine). I also tried to take our cert under the computer account and gave full control security permissions to the domain service account, IIS_IUSRS, and even Everyone, by changing "Manage Private Keys" for it. Both of these attempts did not fix the issue.

    So how can I get our domain service account to grab this cert and send it over to the client? Any help would be much appreciated.

    Thanks

  • Re: Application pool identity and certificate issue

    Feb 20, 2019 07:22 AM|Jalpa Panchal|LINK

    Hi barcode2328,

    Could you explain how you configure two-way SSL and what your actual requirement is?

    Regards,

    Jalpa.
