Where is my private key ?

A lot of errors are coming up while working with X509. there is a lot of confusion of where do I need to store the certificate ? where is my private key ?

the common error is that developers installs the private key to a location that the program not allowed to access.

It can be difficult to find the location and name of the private key file associated with a specific X.509 certificate in the certificate store. The FindPrivateKey.exe tool facilitates this process.

X.509 certificates are installed by an Administrator or any user in the machine. However the certificate may be accessed by a service running under a different account (for example the ASPNET on Windows XP or the NETWORK SERVICE accounts on Windows Server 2003).

This account may not have access to the private key file because the certificate was not installed by it originally. The FindPrivateKey tool gives you the location of a given X.509 Certificate's private key file. You can add permissions or remove permissions to this file once you know the location of the particular X.509 certificates' private key file.

to get this tool go to http://msdn2.microsoft.com/en-us/library/aa717039.aspx
click on download sample and then browse to

Comments (2)

  1. yossita says:

    Or you can use the WSE2/3 GUI based certificate tool.

  2. nporter says:

    I have a Windows Service that needs to be able to read in a Private Key for use with a third-party key storage device. Is it possible using this method to identify where the Private Key lives in order to read it into memory and provide it to the third-parties API? It looks like the file is possibly encrypted. Do you have to do something with the file after you have identified it in order to format it in a usable fashion? Thanks very much!

Skip to main content