I'm writing some SSL code, and I've found that it can only open and use the necessary certificate if the current user has administrative privileges, and our client is adamant that this code must work for ordinary users (and they don't want to move the certificate).
1. The certificate is installed in the personal store of CERT_SYSTEM_STORE_LOCAL_MACHINE. It has a private key.
2. This line of code:
    CertOpenStore( CERT_STORE_PROV_SYSTEM, 0, NULL, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"MY" );
works fine and dandy for Administrator, but fails for other users, and GetErrorCode returns 5 (ERROR_ACCESS_DENIED).
3. I can get CertOpenStore to work for non-admin users by adding the flag CERT_OPEN_READONLY_FLAG. If I do that I can also apply the context and all that without problems.
However, when I actually try to send an SSL message like this: