I looked at this answer:
"Install a pfx certificate in a users store in Windows using WiX"
to install the certificate through WiX, and it seemed to work fine: the certificates (I need two) were installed in the correct location stores and had the correct values for Issued To and Issued By.
However, when I tried to use them in my installed application, I get a "keyset does not exist" exception.
When I manually install the pfx file using MMC->import from exactly the location defined in WiX, it works fine.
The permissions are slightly different, in the sense that WiX has added owner rights and msiserver permissions and removes the temporary S-1-5-5-0-XXXXX read permission that I cannot manually add.
Does anyone have any idea what would be causing this problem?
This is not a permissions issue but a problem with the way MSIs are installed.
To get the required permissions to install a cert, this action has to be run as a deferred action, which runs under the system account.
The system account has no profile, which I believe is required to install the cert with the private key (I reckon the private key is temporarily written to the profile before moving to the MachineKey store).
I have managed to get my msi to install the certificate with the private key but it was a bit of a mission…
As I said, a bit of a mission, but it now works perfectly! 🙂
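
A post-install check for the symptom discussed in this thread, added here as an example (it is not code from either poster or from WiX): it tells apart a certificate that merely appears in the store from one whose private key can actually be opened. The function name `Test-CertPrivateKey`, the default store path and the placeholder thumbprint are assumptions, and the check assumes an RSA key.

```powershell
# Added diagnostic example. Run it under the same account the application uses,
# because access to the private key depends on the calling identity.
function Test-CertPrivateKey {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        # Assumption: machine store; use Cert:\CurrentUser\My for a user store
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) { throw "No certificate $Thumbprint in $StorePath" }

    $result = [ordered]@{
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey   # only says the store links to a key
        KeyOpens      = $false                # says whether the key is usable
        KeyContainer  = $null
        Error         = $null
    }

    try {
        # Opening the key is the step that fails with "Keyset does not exist"
        # when the store entry points at a key container that is missing or unreadable.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if ($rsa) {
            $result.KeyOpens = $true
            if ($rsa -is [System.Security.Cryptography.RSACng]) {
                $result.KeyContainer = $rsa.Key.UniqueName
            } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                $result.KeyContainer = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
            }
        }
    } catch {
        $result.Error = $_.Exception.GetBaseException().Message
    }

    [pscustomobject]$result
}

# Placeholder thumbprint: replace with the value shown for the installed certificate.
# Test-CertPrivateKey -Thumbprint '<THUMBPRINT-PLACEHOLDER>'
```

A result with `HasPrivateKey` true and `KeyOpens` false reproduces the condition in the question; comparing the output after the MSI install with the output after a manual MMC import shows whether the key container was actually created.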