Issue with Self Signed Cert in WCF - Must have Private Key
Solution 1
You can use IIS 7.0/7.5 Just Start->Run ->inetmgr Select the server Under "Security" panel, go to "Server Certificates" In the left pane click - "Create Self Signed Certificate" and complete the process The crtfiticate will get installed in LocalMachine StoreLocation under Personal storename. Now use this certificate in your WCF service and you will not face this error
Solution 2
Figured it out.
Assuming you have a self signed cert at c:\OutCert the following command will work. I had left off the -sky exchange.
makecert -sk SignedByCA -iv c:\OutCert.pvk -n "CN=MyLocalHost" -ic c:\OutCert.cer -sr LocalMachine -ss My -sky exchange pe
Now you can go into the MMC tool and manage the private keys and grant IIS access to the key. To manage private keys, right-click on the certificate and select All Tasks / Manage Private Keys
.
JoshBerke
Developing with Microsoft Technologies for over 18 years.
Updated on July 24, 2022Comments
-
JoshBerke almost 2 years
I am creating a WCF service hosted within IIS7 on Windows Vista SP1. I am getting the following error:
The certificate 'CN=SignedByLocalHost' must have a private key that is capable of key exchange. The process must have access rights for the private key.
It looks like I would need to give the host process assess to the certificate which was done in the past with winhttpcertcfg which has been deprecated for Vista. The article I found indicates to use the certificate console, but I am missing somethign because I don't see any capability to edit my cert.
Any help would be great!
Thanks
-
JL. over 14 yearsExplain please - in detail how you go to the MMC tool and manage the private keys?
-
essedbl about 13 yearsWhere is this All Tasks/Manage Private Keys? I am running Windows 2008 R2, and I don't see that option in the MMC Snap in...
-
Jim Flood about 13 years@essedbl: If you right-click on a certificate in the MMC Certificates snap-in, then click on All Tasks, and all you see is Open and Export..., then double-click on the certificate and you won't see any mention of a private key -- there is none attached. Try a certificate in Personal, which says, "You have a private key that corresponds to this certificate" on the General tab, and then try right-click "All Tasks", and you'll see the "Manage Private Keys...". It's only displayed if a private key is there to be managed.
-
JoshBerke over 12 yearsThat's a heck of a lot easier, then my way. My way is the old IIS6 approach
-
Malik about 12 yearsIf you still don't see "Manage Private Keys...", make sure you're using the 'Computer account' certificate store and not the 'My user account' store when loading the MMC snap-in.
-
Brian about 11 yearsThe "Manage Private Keys" option is only found under LocalMachine/StoreName. You won't find it under CurrentUser/.. or Service/.. , at least not in Win7. But once you perform the management, you can then export or copy the certs to other stores (like Currentuser / Service) and it should retain the same rights.
-
JoshBerke about 11 yearsIf your on Windows 7 follow the first answer.