Can I store certificates in the personal store of a virtual service account?

We’d like to make use of virtual accounts (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd548356(v=ws.10)?redirectedfrom=MSDN#using-virtual-accounts) to run some of our applications on our own servers.

It seems easy enough to do, however: some of our applications need access to certain certificates in order to communicate with other (remote) services.

I’ve tried installing certificates to the user store for a virtual account, and I’ve also tried granting private key access to a cert in the local machine account, both of which seem to have failed.

Is what I’m trying to do impossible?

Author: Richiban

Installing Certificate Authority

I have used this guide to install, in my lab, a 2-tier PKI on Windows Server 2019:
https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx
I know that guide is pretty old but it seems to have been updated pretty recently. Some steps are slightly different in the newer Windows version but nothing that can’t be figured out. The only deviation from the guide is that I have combined the roles of the issuing (CA02) and the CDP/AIA publisher (SRV1). Other than that I followed the guide step-by-step (or at least I think I have, there are a couple of parts that are not very clear). I have redone the whole thing a couple of times. I keep winding up with the same issue:
I cannot validate the ldap connections for AIA, CDP or DeltaCRL in PKIView. I also notice that the share location that I create during the initial setup of the issuing server has somehow changed to the CertEnroll folder under certsrv in system32 rather than C:\CertEnroll where I created it. How the heck does that happen?!? I am not sure at what point in the process that changes. I’ve just noticed it when I am troubleshooting the pkiview fail after completing all the setup steps. I am obviously most concerned with the PKIView failure, just really curious as to why that share location changes. Thanks for reading.

[Screenshot of PKIView]

Author: RobS