IIS7 can't find X.509 certificate, even though self-hosting WCF can

0
votes

I'm trying to host WCF service in IIS7. Everything worked fine until I've specified the following in web.config file:

    <serviceCredentials>
      <serviceCertificate findValue="MyCert"
                          storeLocation="CurrentUser"
                          storeName="My"
                          x509FindType="FindBySubjectName" />
    </serviceCredentials>

Then I get an exception System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue ‘MyCert’.

BTW - I'm using this same certificate ( stored at the same location ) with self-hosting WCF service without any problems.

3
wcfiis-7

3 Answers

2
votes

You might have selected the wrong storeLocation. Have you tried storeLocation="LocalMachine"?

If this doesn't work then you need to give your iis worker process. I needed to do this when I hosted WCF service in iis6 that used Username with shared certificate security.

2
votes

It could be that the identity your service is running as in IIS7 doesn't have access to the store. Generally this identity is ApplicationPoolIdentity.

1
votes

Try granting read access to the cert's private key for the account the application pool is running as. In Certificates MMC snap-in, find the cert, right click, manage private key...