Thanks. I'll ignore the rest of the world bit. I'll never surrender.
winhttpcertcfg was already looked at (It's mentioned in one of the APM manuals IIRC). And is only concerned with adding access to the PRIVATE key... You can just verify the PUBLIC key of the cert (That's the unverified exit from check_machine_cert). But my issue is that OESIS doesn't even find that. Even for administrator...
Is there a way to map the repository name (In F5 the default is MY) to the location of the certs (LOCAL Machine - Certificates - Personal) ? I'm wondering if that's the issue... Although I'd expect the oesis test tool to at least LIST all the certs it COULD find...
Cheers
H