SSL certificates won't load into an IIS worker process unless "LoadUserProfile" is enabled - by Dmitry Me

Status: Won't Fix

Due to several factors the product team decided to focus its efforts on other items.

A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

ID: 790360
Status: Closed
Type: Bug
Repros: 0
Opened: 6/18/2013 2:09:08 AM
Access Restriction: Public


I have an ASP.NET application that runs inside IIS 7 on Windows Server 2008 SP1 with the application pool configured to run under a local user belonging to "Users" local group. I have a .pfx file with an SSL certificate with private key. The following code:

    var data = File.ReadAllBytes(pathToPfxFile);
    var cert = new X509Certificate2(data, password);

yields "System.Security.Cryptography.CryptographicException Object was not found." unless I reconfigure IIS pool to have "LoadUserProfile" enabled.

This is a big problem.

First, why does loading a certificate from a file (not cert storage) depend on user profile being loaded? Second, why is the message so obscure and useless - how should I have figured out how to resolve the issue?
Posted by Morgan [MSFT] on 6/20/2013 at 10:28 PM
Thank you for your feedback. When you load a PFX file with X509Certificate2, the private key is placed in either the user or machine key store. By default, the user key store is chosen, which is only available with the user profile loaded. If your process has administrative privileges, you can specify the machine key store by using new X509Certificate2(data, password, X509KeyStorageFlags.MachineKeySet).

At this time, we will not be able to make a change to improve the experience for this error. However, we will consider it for a future version.
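
The key store choice described in the reply above, as an added C# example that is not part of the original report or Microsoft's reply. `PfxLoader` and `Load` are hypothetical names; the PFX is a constructed throwaway certificate, and generating it assumes a .NET version that has `CertificateRequest` (.NET Framework 4.7.2 or later, or .NET Core 2.0 or later).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxLoader
{
    // Hypothetical helper: choose the key store explicitly and replace the
    // opaque "Object was not found" error with an actionable message.
    public static X509Certificate2 Load(byte[] pfx, string password, bool useMachineStore)
    {
        var flags = useMachineStore
            ? X509KeyStorageFlags.MachineKeySet   // per the reply: needs administrative privileges
            : X509KeyStorageFlags.UserKeySet;     // per the reply: needs the user profile loaded
        try
        {
            return new X509Certificate2(pfx, password, flags);
        }
        catch (CryptographicException ex)
        {
            throw new InvalidOperationException(
                "PFX import with " + flags + " failed: " + ex.Message.Trim() +
                " Possible causes: wrong password; user profile not loaded" +
                " (IIS app pool setting LoadUserProfile) for UserKeySet;" +
                " missing administrative privileges for MachineKeySet.", ex);
        }
    }

    static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate exported as PFX bytes.
        const string password = "demo-password";
        byte[] pfx;
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=pfx-demo-constructed", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var tmp = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
                pfx = tmp.Export(X509ContentType.Pfx, password);
        }

        // Try both stores under the current account and report which one works.
        foreach (var machine in new[] { false, true })
        {
            try
            {
                using (var cert = Load(pfx, password, machine))
                    Console.WriteLine((machine ? "MachineKeySet" : "UserKeySet") +
                        ": loaded, HasPrivateKey=" + cert.HasPrivateKey);
            }
            catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
        }
    }
}
```

Running it under the application pool identity shows which store that account can use before the application depends on it.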
Posted by Macy [MSFT] on 6/19/2013 at 2:10 AM
Thanks for your feedback.

We are rerouting this issue to the appropriate group within the Visual Studio Product Team for triage and resolution. These specialized experts will follow-up with your issue.
Posted by Macy [MSFT] on 6/18/2013 at 2:50 AM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(