Cannot create self-signed SSL certificate with IIS 7

Solution 1

Check the permissions on the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder. On my domain-joined W2k8 member server the permissions are set like so:

Everyone (This folder only):
  • List folder / read data
  • Read attributes
  • Read extended attributes
  • Create files / write data
  • Create folders / append data
  • Write attributes
  • Write extended attributes
  • Read permissions

SERVER\Administrators (This folder only):
  • Full Control

No inheritance

Additionally, all of the files in this folder have their own permissions. You may want to see if your self-signed cert is being created and deleted when the access denied error appears.
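
A read-only way to check the state that this answer and the asker's follow-up comment describe, as an added example that is not part of the original thread: it prints each ACE on the MachineKeys folder with the scope it applies to, then lists key files whose ACL the current account cannot read. `Get-AppliesTo` is a hypothetical helper name, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example: read-only audit of the MachineKeys folder; no ACL is changed.
$path = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

# Hypothetical helper: turn an ACE's inheritance/propagation flags into the
# "Applies to" wording used in the folder's Advanced Security dialog.
function Get-AppliesTo {
    param($Rule)
    $inherit   = [int]$Rule.InheritanceFlags
    $propagate = [int]$Rule.PropagationFlags
    $ci = ($inherit -band [int][System.Security.AccessControl.InheritanceFlags]::ContainerInherit) -ne 0
    $oi = ($inherit -band [int][System.Security.AccessControl.InheritanceFlags]::ObjectInherit) -ne 0
    $io = ($propagate -band [int][System.Security.AccessControl.PropagationFlags]::InheritOnly) -ne 0

    if (-not $ci -and -not $oi) { return 'This folder only' }
    $scope = @()
    if (-not $io) { $scope += 'This folder' }
    if ($ci)      { $scope += 'subfolders' }
    if ($oi)      { $scope += 'files' }
    return ($scope -join ', ')
}

# 1. Folder ACL: who has which rights, and whether each ACE reaches the key files.
$acl = Get-Acl -Path $path
"Inheritance from parent blocked: $($acl.AreAccessRulesProtected)"
$acl.Access | ForEach-Object {
    New-Object PSObject -Property @{
        Identity  = $_.IdentityReference
        Type      = $_.AccessControlType
        Rights    = $_.FileSystemRights
        AppliesTo = Get-AppliesTo $_
    }
} | Format-List Identity, Type, Rights, AppliesTo

# 2. Per-file check: key files carry their own ACLs, so a file can exist
#    while the account that created it cannot read its permissions.
$denied = foreach ($file in Get-ChildItem -Path $path -Force) {
    if ($file.PSIsContainer) { continue }
    try   { $null = Get-Acl -Path $file.FullName -ErrorAction Stop }
    catch {
        New-Object PSObject -Property @{
            File  = $file.Name
            Error = $_.Exception.Message
        }
    }
}
"Key files whose ACL this account cannot read: $(@($denied).Count)"
$denied | Format-Table File, Error -AutoSize
```

An Administrators entry reported as "This folder only" together with a non-zero count in the second step matches the situation described in the asker's last comment.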

Solution 2

Did you run the IIS7 snapin as Administrator? If you right click on the IIS7 icon and click on "Run as Administrator" it should work.

Solution 3

Have you tried using the Administrator user account? I know sometimes that even though I may be using an administrative account, Windows wants the Administrator for performing certain operations.

One example that I have encountered with that scenario was running adprep on a domain controller so that I could join a Windows Server 2008 R2 box to the domain. No matter that I was an Enterprise Admin, it would not let me with my account. I had to Run As Administrator.

Author: Matt Hanson

Network Support Analyst in BC, Canada

Updated on September 17, 2022

Comments

  • Matt Hanson almost 2 years

    I'm trying to create a self-signed certificate from within the IIS 7 snap-in, with little luck. When prompted for a friendly name for the certificate, I type in the name, and click OK, but then I am shown:

    There was an error while performing this operation. Details: Access is denied.

    I am doing this while logged on with an account with full administrative privileges.

    Any ideas?

  • Matt Hanson almost 15 years
    I tried that, with no luck.
  • Matt Hanson almost 15 years
    That was one of my first suspicions, as I actually have the default administrator account disabled. I did try enabling it and rebooting, but had the same result.
  • Matt Hanson almost 15 years
    My folder permissions were listed exactly as yours. By changing SERVER\Administrators from "This folder only" to "This folder, subfolders, and files" I had immediate success. It appears that my certificates were being created, but inaccessible, like you hinted at.
  • ila about 14 years
    Yes, the same happened to me, and this hint saved my evening :-) Thanks