Zip Component, Email Component, Encryption Component ActiveX Control for Zip Compression .NET Components for ASP.NET
ActiveX and .NET Components for Zip Compression, Encryption, Email, XML, S/MIME, HTML Email, Character Encoding, Digital Certificates, FTP, and more ASP Email ActiveX Component

Index of Chilkat Blog Posts

January 3, 2007

Certificate Private Key Access from Windows Service or ASP.NET

Here’s a recipe on how to install a digital certificate w/ private key so that the private key is accessible and useable from a Windows Service or ASP.NET:

  1. Requested new X509 certificate from Thawte, security level = Medium.
  2. Imported from IE7 directly from Thawte using default options.
  3. Verify that the newly imported certificate is NOT found by my Windows Service program (or ASP.NET). To do this, I try to create a digital signature from my service program. It cannot even find the certificate.
  4. Run certmgr.msc and export cert to a .pfx, include private keys.
  5. Double-click on .pfx. Import without strong private key protection,
    mark key as exportable. Export with "test" as the password.
  6. My service is on Windows XP and runs under the "SYSTEM" account. (Make sure to use the appropriate account name for ASP.NET or whatever login account is used by your Service.)
    I ran winhttpcertcfg to import:

winhttpcertcfg -i something.pfx -c LOCAL_MACHINE\My -p test -a SYSTEM

The argument to the -a option should be the account name.
The certificate with private key is now accessible and useable by the Windows Service.

Privacy Statement. Copyright 2000-2011 Chilkat Software, Inc. All rights reserved.
Send feedback to

Components for Microsoft Windows XP, 2000, 2003 Server, Vista, Windows 7, and Windows 95/98/NT4.