Certificate Private Key Access error on Windows Server 2012 IIS 8.5

Question

0.00/5 (No votes)

See more:

Environment: Windows Server 2012
IIS 8.5

Unable to giving permission using winhttpcertcfg on IIs 8.5 but working fine on IIS 6.0. Please advice. Thanks.
Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.

C:\Program Files (x86)\Windows Resource Kits\Tools>winhttpcertcfg -i E:/xyz.pfx -c LOCAL_MACHINE\My -a OACTCISSxxx -p "xxx"
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Imported certificate:
E=xxx.testwebservice@jstate.pa.us
CN=ixxx testwebservice
OID.0.9.2342.2220300.100.1.1=xxx.testWebservice
OU=xyz
O=Commonwealth of oa

Granting private key access for account:
OACTCISSxxx\
Imported certificate:
CN=Commonwealth of oaJNET TEST CA - G2
OU=FOR TEST PURPOSES ONLY
O=Commonwealth of oa
C=US

Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.

Posted 18-Jun-15 11:19am

srinivaskalagara

Add a Solution

Comments

Hamassss 19-Jun-15 9:12am

So you have some web app you want to start on IIS 8.5 and you get error
"Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate."
???

srinivaskalagara 19-Jun-15 15:50pm

Yes. To access Private key it needs network permission. Permission was granted and worked on Windows Server 2003 but failing when it comes to Windows Server 2012 on IIS 8.5. Any suggestions please.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Hamassss · Answer 1 · 2015-06-22T00:26:00

I would guess that if you want your web application deployed on IIS to use certificate from windows cert store, you need to set that application to run as user that you installed that certificate for, so that it have access to its private key. Or at least to run as admin if you installed certificate for root user.
"This can only be done by the user who installed the certificate" as error say.
I suggest going to IIS --> Application pools --> YOUR APP --> Advanced settings
--> Identity --> ... --> Custom account --> Set and provide user info for one that uses that certificate.
Hope this helps