Hi, I'm working on a system where the user can store important information on a website. Using WS2012 and IIS8.
I'm using EFS to encrypt the data in normal files. It needs to be secure from the Admin on the server (at least make it difficult to get the information). The files need to be en/decrypted in-flight.
It's actually working fine. Just by setting the folder as EFS, the files saved by IIS are encrypted and the Admin can't get the content. So far so good.
Problem: if the IIS is reinstalled, or the server needs to be rebuilt/reinstalled, then the files are not available for the "new" IIS, as the certificate is different. Normally I can log in as a user and back up the EFS certificate, but how do I do this with IIS?
The idea is to have only one Admin (super trusted) export the certificate and keep it safe, so all the "normal" admins can't get to it. Then after a rebuild of the server the certificate can be reinstalled and the new IIS can access the files again.
I have looked at several ways to get the certificate, but all explanations/examples use a locally logged-in user, and not a "service" user like the IIS uses.
There could be 2 ways: one is, when creating the site, a certificate would be installed for the IIS to use. This way export is not necessary, and all sites use the same certificate. But how?
The second way is to export the certificate the IIS uses, but how?
Hopefully this is a simple task, I just can't find it.
Regards, Jesper