IIS – How to know that “Network Services” account is looking in LOCAL_MACHINE store for certificates

certificate, iis

I have an ASP.NET webservice that communicates with another webservice using a client-side certificate. The certificate is located in the LOCAL_MACHINE store. I have granted "Network Services" access to the certificate via winhttpcertcfg.exe. I know that I'm granting permission properly, because I got everything working on a development box and the permission was the step that made it work.

So I'm trying to figure out what is different between my development box and my production box. They both have IIS 6.0. They both have my webservice installed. They both have the same certificate in the local machine store with "Network Services" permission. They're both able to see the other webservice via IE when the certificate is selected. They're both able to consume the other webservice via non-IIS applications using the cert in CURRENT_USER. I've visually gone through every IIS setting that I know of, and they seem to be the same.

So, is there some setting that could be causing "Network Services" to look somewhere besides the LOCAL_MACHINE store for certificates? Or is there something else I could be overlooking?

Best Answer

Have you tried this procedure for installing a certificate for the Network Services account? It involves temporarily adding the Network Services account to the Administrators group.

You can also look at this person's solution to getting a cert to work in IIS 6.0.
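
To see which store and private key the worker process identity can actually reach, the check below can be called temporarily from inside the web service on both boxes and the two reports compared. It is an added example, not code from the question or the answer; it assumes .NET Framework, and the class name, method name and caller-supplied thumbprint are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Text;

public static class ClientCertDiagnostics
{
    // Call from inside the web service so it runs under the worker process
    // identity, not your interactive logon. thumbprint: hex, without spaces.
    public static string Describe(string thumbprint)
    {
        StringBuilder report = new StringBuilder();
        report.AppendLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        foreach (StoreLocation location in new StoreLocation[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser })
        {
            X509Store store = new X509Store(StoreName.My, location);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                X509Certificate2Collection found = store.Certificates.Find(
                    X509FindType.FindByThumbprint, thumbprint, false); // false: include certs that fail validation
                report.AppendLine(location + "\\My: " + found.Count + " match(es)");
                foreach (X509Certificate2 cert in found)
                {
                    report.AppendLine("  Subject: " + cert.Subject + ", expires " + cert.NotAfter);
                    report.AppendLine("  HasPrivateKey: " + cert.HasPrivateKey);
                    if (!cert.HasPrivateKey) continue;
                    try
                    {
                        // Reading PrivateKey opens the key container; it throws
                        // if this identity lacks read access to the key.
                        AsymmetricAlgorithm key = cert.PrivateKey;
                        report.AppendLine("  Private key readable: " + (key != null));
                    }
                    catch (CryptographicException ex)
                    {
                        report.AppendLine("  Private key NOT readable: " + ex.Message);
                    }
                }
            }
            catch (CryptographicException ex)
            {
                report.AppendLine(location + "\\My: cannot open store: " + ex.Message);
            }
            finally { store.Close(); }
        }
        return report.ToString();
    }
}
```

The report contains only the identity name, certificate subject, expiry and whether the key could be opened; remove the diagnostic call once the two boxes have been compared.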