You must Sign In to post a response.
  • Category: Webservices

    Certificate Private Key Access error on Windows Server 2012 IIS 8.5

    Environment: Windows Server 2012
    IIS 8.5

    Unable to giving permission using winhttpcertcfg on IIs 8.5 but working fine on IIS 6.0. Please advice. Thanks.
    Error: Access was not successfully obtained for the private key.
    This can only be done by the user who installed the certificate.

    C:\Program Files (x86)\Windows Resource Kits\Tools>winhttpcertcfg -i E:/xyz.pfx -c LOCAL_MACHINE\My -a OACTCISSxxx -p "xxx"
    Microsoft (R) WinHTTP Certificate Configuration Tool
    Copyright (C) Microsoft Corporation 2001.

    Imported certificate:
    E=xxx.testwebservice@jstate.pa.us
    CN=ixxx testwebservice
    OID.0.9.2342.2220300.100.1.1=xxx.testWebservice
    OU=xyz
    O=Commonwealth of oa


    Granting private key access for account:
    OACTCISSxxx\
    Imported certificate:
    CN=Commonwealth of oaJNET TEST CA - G2
    OU=FOR TEST PURPOSES ONLY
    O=Commonwealth of oa
    C=US


    Error: Access was not successfully obtained for the private key.
    This can only be done by the user who installed the certificate.
  • #759728
    Hello Srinivas Kalagara,

    Log in as the user that installed the certificate (or a local administrator). Launch the FindPrivateKey tool. Go to security pane and add your own user to the list. You can now login in as yourself and control the certificate's private key.

    I would recommend to use following command option:

    winhttpcertcfg -g -c LOCAL_MACHINE\My -s MyCertificate -a TESTUSER

    For more help you can refer the MSDN Code Library on below link:

    https://msdn.microsoft.com/en-us/library/aa384088(VS.85).aspx


    Hope this will help you.

    Regards,
    Nirav Lalan
    DNS Gold Member
    "Failure is the path of least persistence"

  • #759750
    Hai Srinivas,
    Did you check whether the certificate is compatible to the IIS 8.5
    Most of the time, these type of problem occurred when the key is not compatible with the IIS version.
    So make sure that the key certificate which you are using is compatible with the IIS version.
    Hope this will solve your issue.

    Regards,
    Pawan Awasthi(DNS MVM)
    +91 8123489140 (whatsApp), +60 14365 1476(Malaysia)
    pawansoftit@gmail.com


  • Sign In to post your comments