Managing Private Keys

If the account used for the NES Application Pool is not LocalSystem, perform the following procedure to grant NES access to the L2 private key.

1. From the Windows Start Menu, type Manage Computer, and then select Manage Computer Certificates.
   The certlm window appears.
2. Navigate to Personal > Certificates folder.
   A list of certificates displays.
3. Right-click the NES L2 CA and select All Tasks and then select Manage Private Key....
4. On the User Account Control dialog, click Yes.
5. Select the Security tab and then click the Add button.
6. In the new window, click Add, which opens the Select Users, Computers, Service Accounts, or Groups window.
7. Type the account that was selected to be used with the NES Application Pool and then click OK.
8. In the Permissions area, assign the following permissions under Allow:
   • Full control
   • Read

   Figure 1. Setting Private Key Permissions
9. Click OK.