
Adding certificate to remote X509Store misses the private key

The task is to import a certificate to a remote server (Win2008 Server Web Edition / IIS7).

The certificate is in a .pfx file.

After installation I noticed the private key was saved on the client server (from which the script is running) (in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys), but not on the destination server (where the certificate is installed). Due to this the certificate can't be used for site binding, with the error:

A specified logon session does not exist. It may be already have been terminated.

So I can see the certificate is installed on the remote server but the private key is not. What did I do wrong?

    ' Requires: Imports System.Security.Cryptography.X509Certificates
    Dim pathToPFXFile As String = "\\CertServer\e$\tmp\CPVanitySSLInstall.pfx"
    Dim passwordForPFXFile As String = "xxx"
    Dim WinVanitySSLTable As Data.DataTable
    Dim cert, cert1 As X509Certificate2
    Dim certs As X509Certificate2Collection
    Dim store As X509Store

    ' Load the PFX on the machine running the script (the key is persisted here)
    cert = New X509Certificate2(pathToPFXFile, passwordForPFXFile, X509KeyStorageFlags.MachineKeySet Or X509KeyStorageFlags.PersistKeySet Or X509KeyStorageFlags.Exportable)
    ' Open the LocalMachine\My store of the remote destination server
    store = New X509Store("\\DestinationServerName\My", StoreLocation.LocalMachine)
    If (cert IsNot Nothing) Then
        store.Open(OpenFlags.MaxAllowed)
        store.Add(cert)
        store.Close()
    End If

BTW, when I run this script on the destination server itself it works completely as expected. Apart from this, I checked access to the machine keys store on the remote server \\DestinationServerName\C$\ProgramData\Microsoft\Crypto\RSA\MachineKeys and it is OK.

You can use the certificate manager in Windows to verify whether the certificate has an associated private key. Select the cert in the list and click Open, or look at the icon: if there is a little key in it, you have a private key. If it does have a private key, make sure IIS or your ASP.NET app has permissions to access it. You can find the private key file at C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys to check permissions.
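
The check described in the answer above can also be scripted. This is an added example, not code from the question or the answer; it assumes .NET Framework and an RSA CSP-backed key, is run locally on the destination server with the certificate thumbprint as its only argument, and the module name is hypothetical.

```vb
Imports System
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.Security.Principal

' Added example (hypothetical module name). Reading key-file ACLs needs an elevated prompt.
Module CheckCertPrivateKey
    Sub Main(args As String())
        If args.Length <> 1 Then
            Console.WriteLine("usage: CheckCertPrivateKey <thumbprint>")
            Return
        End If
        Dim store As New X509Store(StoreName.My, StoreLocation.LocalMachine)
        store.Open(OpenFlags.ReadOnly)
        Try
            Dim found = store.Certificates.Find(X509FindType.FindByThumbprint, args(0), False)
            If found.Count = 0 Then
                Console.WriteLine("Certificate not found in LocalMachine\My")
                Return
            End If
            Dim cert As X509Certificate2 = found(0)
            Console.WriteLine("Subject: " & cert.Subject)
            ' True only means the store entry references a key, not that the key is present.
            Console.WriteLine("HasPrivateKey: " & cert.HasPrivateKey.ToString())
            If Not cert.HasPrivateKey Then Return
            Dim rsa As RSACryptoServiceProvider
            Try
                rsa = TryCast(cert.PrivateKey, RSACryptoServiceProvider)
            Catch ex As CryptographicException
                ' The referenced key container cannot be opened on this machine.
                Console.WriteLine("Key reference exists but key is not usable: " & ex.Message)
                Return
            End Try
            If rsa Is Nothing Then
                Console.WriteLine("Key is not held by an RSA CSP; no MachineKeys file to inspect")
                Return
            End If
            ' Machine-level RSA CSP keys are files named after the unique container name.
            Dim dir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "Microsoft\Crypto\RSA\MachineKeys")
            Dim keyFile = Path.Combine(dir, rsa.CspKeyContainerInfo.UniqueKeyContainerName)
            Console.WriteLine("Key file: " & keyFile)
            ' List who may read the key file, to compare against the IIS / app pool identity.
            For Each rule As FileSystemAccessRule In File.GetAccessControl(keyFile).GetAccessRules(True, True, GetType(NTAccount))
                Console.WriteLine("  " & rule.IdentityReference.Value & ": " & rule.AccessControlType.ToString() & " " & rule.FileSystemRights.ToString())
            Next
        Finally
            store.Close()
        End Try
    End Sub
End Module
```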
