I am trying to configure the WS-AT support for the WCF service that interacts with a Java service on GlassFish. I get the following error when I try to select and apply the endpoint certificate on the WS-AT tab in the MSDTC properties.
Environment: Windows Server 2003, 64-bit, .NET Framework 3.5 SP1
Error: "Unable to modify the private key for the selected endpoint certificate. Select a certificate with a private key that can be accessed for read access by the MSDTC process."
I generated the certificate through the MMC snap-in (Personal --> Request New Certificate), which has the private key and is intended for client and server authentication. I also made sure that I am using an admin account and that the Application Data --> Microsoft --> Crypto --> RSA --> key file has the necessary full permissions for the admin account I am using.
Please let me know if anyone has any idea on this. - Thanks
Could you generate the certificate using the following steps:
The certificate does require some stringent properties. Among them is the Enhanced Key Usage of ServerAuthentication and ClientAuthentication as well as a SubjectName that equals the FQDN of the machine in question (System.Net/Http.sys requirement). Creating one for testing purposes is fairly easy however:
1. Make cert and pvk file for CA (Trusted Root Certificate which can be the same on each participating machine)
   makecert.exe -pe -n CN=MSDTC-Wsat-CA -cy authority -r -sv Msdtc.pvk Msdtc.cer
2. Install CA cert
   makecert.exe -ss Root -sr LocalMachine -n CN=MSDTC-Wsat-CA -cy authority -r -sv Msdtc.pvk
3. Make/Install cert from CA's pvk file and cert file (Certificate which is different for each participating machine -- Chains to the CA cert created above)
   makecert -ss My -sr LocalMachine -n CN=%COMPUTERNAME%.%USERDNSDOMAIN% -sky exchange -ir LocalMachine -iv Msdtc.pvk -ic Msdtc.cer
If computers are on a workgroup, remove the .%USERDNSDOMAIN% from the above command.
Rafael Barcelos - SDET
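A read-only check of the properties this thread names (private key present and readable, Server/Client Authentication EKU, subject equal to the machine FQDN), as an added example that is not part of the original reply. It assumes PowerShell 2.0 or later and a CAPI (CSP) RSA key stored under MachineKeys; the output property names are hypothetical.

```powershell
# Added example (read-only): list LocalMachine\My certificates and check the
# properties named in the thread. Assumes PowerShell 2.0+ and CAPI RSA keys.
$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$fqdn = [System.Net.Dns]::GetHostEntry([System.Net.Dns]::GetHostName()).HostName

# Machine key directory: Server 2003 layout first, then Vista and later.
$keyDirs = @("$env:ALLUSERSPROFILE\Application Data\Microsoft\Crypto\RSA\MachineKeys",
             "$env:ALLUSERSPROFILE\Microsoft\Crypto\RSA\MachineKeys")

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
try {
    foreach ($cert in $store.Certificates) {
        # An absent EKU extension means "all usages"; otherwise both OIDs must be present.
        $ekus = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekus += $oid.Value }
            }
        }
        $ekuOk = ($ekus.Count -eq 0) -or (($ekus -contains $serverAuth) -and ($ekus -contains $clientAuth))

        # Find the private key file and report which identities hold rights on it.
        $readers = 'no private key'
        if ($cert.HasPrivateKey) {
            $readers = 'key file not found in MachineKeys'
            try {
                $name = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
                foreach ($dir in $keyDirs) {
                    if (-not $name) { break }
                    $path = Join-Path $dir $name
                    if (Test-Path $path) {
                        $readers = ((Get-Acl $path).Access |
                            ForEach-Object { "$($_.IdentityReference)=$($_.FileSystemRights)" }) -join '; '
                        break
                    }
                }
            } catch { $readers = "key not accessible: $($_.Exception.Message)" }
        }

        New-Object PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            SubjectIsFqdn = ($cert.GetNameInfo('SimpleName', $false) -ieq $fqdn)
            EkuOk         = $ekuOk
            KeyFileAcl    = $readers
        }
    }
} finally { $store.Close() }
```

Compare the `KeyFileAcl` column with the account the MSDTC service runs as (NETWORK SERVICE by default); a certificate that does not appear in this listing at all is not in the machine store.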