Application pool identity and certificate issue

  • Question

  • User-336515648 posted


    Hopefully this is posted in the right spot. We are having trouble with a 2 way SSL setup with our customer. We pinned the problem down to our application pool user and the certificate on our end. So here's the issue: From the tracing our customer and we did, we found out that the 2 way SSL process we have set up works up to the point at the end where we have to send our cert over to them. That's the problem: it is not sending our cert over to them. All of our application pools use a domain service account to talk back to our SQL backend. This is how we had it set up during testing. We decided to remove that domain user and just use local system as the user for it, and it was then able to complete the 2 way SSL process successfully. The only issue is that now it couldn't talk to the SQL backend because we removed that user.

    So my issue is how to retain that domain service user and have it pass on the cert stuff the other side needs. What I have tried to fix this issue is two things. First I logged on with the domain service account user and installed the cert under it (I also made that service user a local admin on the machine). I also tried to take our cert under the computer account and gave full control security permissions to the domain service account, IIS_IUSRS, and even Everyone, by changing "manage private keys" for it. Both of these attempts did not fix the issue.

    So how can I get our domain service account to grab this cert and send it over to the client? Any help would be much appreciated.


    Tuesday, February 12, 2019 5:20 PM

All replies

  • User-848649084 posted

    Hi barcode2328,

    Could you explain how you configured two-way SSL and what your actual requirement is?



    Wednesday, February 20, 2019 7:22 AM