Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,512 questions
WinHttp cannot open SSL connection as Network Service -> 12185
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 33%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Rudolf Meier
291
Reputation points
I try to make a WinHttp from my service. This service runs in a restricted account (why? well, everyone tells me, that we should do this, because it is safer... but, it is also enormously complicated to find out how the f... to get access to what we need and why things don't work).
So... WinHttp requests work if they use http. But they don't, when I use https ... I get an error ERROR_WINHTTP_CLIENT_CERT_NO_PRIVATE_KEY (12185) ... now, if I run this service in an other account, it works. So it is a permissions problem. ... what did I try? Well, I tried to set the certificate with WINHTTP_OPTION_CLIENT_CERT_CONTEXT and then I did set a certificate I have access to. And this certificate does have a private key... which I can read (all tested...) but, it seems, that for what reason ever, WinHttp cannot find this key or thinks, that the certificate does not have one...
The question now is -> how to solve that?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 34%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXY%3C/text%3E%3C/svg%3E)
Xiaopo Yang - MSFT 12,226 Reputation points Microsoft Vendor2024-07-09T02:07:03.2766667+00:00 According to WinHttpCertCfg.exe, a Certificate Configuration Tool,
However, importing a certificate does not automatically grant access to the private key for other accounts. This private key is required for client certificate authentication. The Microsoft Windows HTTP Services (WinHTTP) certificate configuration tool provides the ability to grant access to additional accounts, such as the IWAM account, when required.
You may try it to troubleshoot such as listing accounts, granting access. And you can also use Netsh.exe commands to trace.
Sign in to comment