Share via


X.509 Certificate Tool

The X.509 Certificate tool displays details about X.509 certificates stored on the local computer. This information helps you diagnose configuration issues related to X.509 certificates.

To configure X.509 certificates using a command line tool, see WinHttpCertCfg.exe, a Certificate Configuration Tool.

Starting the X.509 Certificate tool

To run the X.509 Certificate tool

  • Click Start, point to All Programs, point to Microsoft WSE 3.0, and then click X.509 Certificate Tool.

    The following screen shot shows the X.509 Certificate tool.

Using the X.509 Certificate tool

You can do the following with the X.509 Certificate tool:

  • View details about an X.509 certificate
  • View the attributes of the file containing the private key for an X.509 certificate

To view details about an X.509 certificate

  1. Enter the Certificate Location and Store Name for the X.509 certificate.

  2. Click Open Certificate.

  3. Choose the X.509 certificate, and then click OK.

To view the attributes of the file containing the private key for an X.509 certificate

  1. Enter the Certificate Location and Store Name for the X.509 certificate.

  2. Click Open Certificate.

  3. Choose the X.509 certificate, and then click OK.

  4. Click View Private Key File Properties.

    A dialog box appears with file properties for the file containing the private key associated with the X.509 certificate. You can use this dialog box to give permission to the user account that the WSE is running under by doing the following:

    1. Click the Security tab.
    2. If the user account that the WSE is running under is not listed in the Group or user names list, click Add.
      The account that the WSE runs under is controlled by the <processModel> element in the Machine.config file, unless the Web service is running under Internet Information Services version 6.0. Set the userName attribute of the <processModel> element to specify the account ASP.NET runs under. By default, the userName attribute is set to the special Machine account, which maps to the low-privileged ASPNET user account created when the .NET Framework SDK is installed. IIS 6 uses application pools to determine the process identity, and the default account that a Web service runs under is Network Service.
      The Select Users, Computers, or Groups dialog box appears.
    3. In the Enter the object names to select box, type the name for the user account that the WSE is running under, and then click OK.
    4. Select the Allow check box for the Read permission.
    5. Click OK.

See Also

Other Resources

WSE Tools
Managing X.509 Certificates
X.509 Certificate