Monday, December 07, 2009 2:26 PM
I am trying to configure the WS-AT support for the WCF service that interacts with a Java service on GlassFish. I get the following error when I try to select and apply the endpoint certificate for WS-AT tab in MSDTC properties.
Environment : Windows Server 2003, 64-bit, .NET Framework 3.5SP1
"Unable to modify the private key for the selected endpoint cerificate. Select a certiifcate with a private key than can be accessed for read access by the MSDTC process."
I generated the cerfiicate through MMC snap-in (Personal --> Request New Certficate ) which has the private key and is intended for client and server authentication. I also made sure that I am using an admin accont and Application Data --> Microsoft --> Crypto -->RSA --> key file has the necessary full permissions to the admin account I am using.
Please let me know if any one has any idea on this. - Thanks
Wednesday, December 09, 2009 1:58 AMModeratorHi,
Could you generate the certificate using the following steps:
The certificate does require some stringent properties. Among them is the Enhanced Key Usage of ServerAuthentication and ClientAuthentication as well as a SubjectName that equals the FQDN of the machine in question (System.Net/Http.sys requirement). Creating one for testing purposes is fairly easy however:
1. Make cert and pvk file for CA (Trusted Root Certificate which can be the same on each participating machine)
makecert.exe -pe -n CN=MSDTC-Wsat-CA -cy authority -r -sv Msdtc.pvk Msdtc.cer
2. Install CA cert
makecert.exe -ss Root -sr LocalMachine -n CN=MSDTC-Wsat-CA -cy authority -r -sv Msdtc.pvk
3. Make/Install cert from CA's pvk file and cert file (Certificate which is different for each participating machine -- Chains to the CA cert created above)
makecert -ss My -sr LocalMachine -n CN=%COMPUTERNAME%.%USERDNSDOMAIN% -sky exchange -ir LocalMachine -iv Msdtc.pvk -ic Msdtc.cer
If computers are on a workgroup, remove the .%USERDNSDOMAIN% from the above command
Rafael Barcelos - SDET Transactions/Agreements Team
- Proposed As Answer by RafaBarcelosModerator Saturday, December 12, 2009 12:41 AM
- Marked As Answer by Jason Van Eaton - MSFTMicrosoft Employee, Moderator Friday, January 15, 2010 10:22 PM