Issue with Self Signed Cert in WCF - Must have Private Key


Solution 1

You can use IIS 7.0/7.5:

1. Start -> Run -> inetmgr
2. Select the server.
3. Under the "Security" panel, go to "Server Certificates".
4. In the left pane click "Create Self Signed Certificate" and complete the process.

The certificate will get installed in the LocalMachine StoreLocation under the Personal store name. Now use this certificate in your WCF service and you will not face this error.

Solution 2

Figured it out.

Assuming you have a self signed cert at c:\OutCert the following command will work. I had left off the -sky exchange.

makecert -sk SignedByCA -iv c:\OutCert.pvk -n "CN=MyLocalHost" -ic c:\OutCert.cer -sr LocalMachine -ss My -sky exchange -pe

Now you can go into the MMC tool and manage the private keys and grant IIS access to the key. To manage private keys, right-click on the certificate and select All Tasks / Manage Private Keys.
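A diagnostic for the three conditions named in the error message quoted in the question (private key present, key-exchange key spec, access rights on the key), as an added example that is not part of either answer. It assumes Windows PowerShell 5.1 run elevated and a CSP-based RSA key in LocalMachine\My such as makecert creates; `Test-WcfServiceCert` is a hypothetical helper name.

```powershell
# Added example, not from the original answers. Assumptions: Windows PowerShell 5.1,
# elevated prompt, CSP-based RSA key stored under the machine key folder.
param(
    [string]$Subject = 'CN=MyLocalHost'   # subject used in the makecert command on this page
)

function Test-WcfServiceCert {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $result = [ordered]@{
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey   # false: nothing to manage in MMC
        KeySpec       = $null                 # 'Exchange' is what -sky exchange produces
        KeyFile       = $null
        ReadAccess    = @()                   # identities allowed to read the key file
    }
    if (-not $Cert.HasPrivateKey) { return [pscustomobject]$result }

    # Reading the key fails if the caller has no rights on it or it is not a CSP key.
    $key = $null
    try { $key = $Cert.PrivateKey } catch { }
    if ($key -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $result.KeySpec = 'not readable as a CSP key'
        return [pscustomobject]$result
    }

    $info = $key.CspKeyContainerInfo
    $result.KeySpec = $info.KeyNumber         # Exchange or Signature
    $path = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($info.UniqueKeyContainerName)"
    $result.KeyFile = $path

    if (Test-Path -LiteralPath $path) {
        $read = [System.Security.AccessControl.FileSystemRights]::Read
        $result.ReadAccess = @((Get-Acl -LiteralPath $path).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           (($_.FileSystemRights -band $read) -eq $read) } |
            ForEach-Object { $_.IdentityReference.Value })
    }
    [pscustomobject]$result
}

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject } |
    ForEach-Object { Test-WcfServiceCert $_ }
```

If `KeySpec` shows `Signature`, the certificate was created without `-sky exchange`; if the identity that runs the IIS worker process is missing from `ReadAccess`, grant it through Manage Private Keys as described above.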

Author: JoshBerke

Developing with Microsoft Technologies for over 18 years.

Updated on July 24, 2022

Comments

  • JoshBerke
    JoshBerke almost 2 years

    I am creating a WCF service hosted within IIS7 on Windows Vista SP1. I am getting the following error:

    The certificate 'CN=SignedByLocalHost' must have a private key that is capable of key exchange. The process must have access rights for the private key.

    It looks like I would need to give the host process access to the certificate, which was done in the past with winhttpcertcfg, which has been deprecated for Vista. The article I found indicates to use the certificate console, but I am missing something because I don't see any capability to edit my cert.

    Any help would be great!

    Thanks

  • JL.
    JL. over 14 years
    Explain please - in detail how you go to the MMC tool and manage the private keys?
  • essedbl
    essedbl about 13 years
    Where is this All Tasks/Manage Private Keys? I am running Windows 2008 R2, and I don't see that option in the MMC Snap in...
  • Jim Flood
    Jim Flood about 13 years
    @essedbl: If you right-click on a certificate in the MMC Certificates snap-in, then click on All Tasks, and all you see is Open and Export..., then double-click on the certificate and you won't see any mention of a private key -- there is none attached. Try a certificate in Personal, which says, "You have a private key that corresponds to this certificate" on the General tab, and then try right-click "All Tasks", and you'll see the "Manage Private Keys...". It's only displayed if a private key is there to be managed.
  • JoshBerke
    JoshBerke over 12 years
    That's a heck of a lot easier than my way. My way is the old IIS6 approach.
  • Malik
    Malik about 12 years
    If you still don't see "Manage Private Keys...", make sure you're using the 'Computer account' certificate store and not the 'My user account' store when loading the MMC snap-in.
  • Brian
    Brian about 11 years
    The "Manage Private Keys" option is only found under LocalMachine/StoreName. You won't find it under CurrentUser/.. or Service/.. , at least not in Win7. But once you perform the management, you can then export or copy the certs to other stores (like Currentuser / Service) and it should retain the same rights.
  • JoshBerke
    JoshBerke about 11 years
    If you're on Windows 7, follow the first answer.