Tuesday, 9 August 2011

Oh, no, it's another certificates post

I came across a puzzling issue yesterday. I was trying to export a certificate as PFX file but I couldn't. The option to export the private key was greyed out and there was a little message informing me that The associated private key cannot be found. Only the certificate can be exported, see screenshot below.


This turns out to be yet another file permissions issue. When you make a certificate request from IIS, the private key is stored as a file in this directory C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys and Administrators as well as the System need to have Full Control of these files, if this is not the case you will get the issue above.


To compound the issue, if you have processed the request, rather than simply installed the certificate, it seems that you are past the point of no return and you need a new certificate request, which should be trivial, but in some places it seems to involve loads and loads of paperwork. I've not actually tested this, but read about it here.

No comments:

Post a Comment