SSL certificate sometimes stops working


Solution 1

An article I found resolved the issue: https://techcommunity.microsoft.com/t5/iis-support-blog/error-hresult-0x80070520-when-adding-ssl-binding-in-iis/ba-p/377281

FYI, we have checked all three options.

If this error should come up again, I will post it here.

Solution 2

I too have had this problem. My server service was working fine for hours if in use, but if left for 45 minutes without a call, it would get this error. So there was some sort of timeout or other expiry occurring. I wrote a utility to monitor my service, and of course that kept it alive. So I adjusted times, and found the period that let it fail. I re-examined all the web references I'd used, and on re-reading the article at paulstovell.com found that it mentioned the PersistKeySet property. Changing my code which prepares the certificate to include this, so it is now like:

  X509Certificate2 cert = new X509Certificate2(file, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable); 

has fixed the problem, and the certificate no longer expires or times out with the 0x8009030d error. And of course this makes sense, as the error is about there being no key, and persisting it is what is required.

http://paulstovell.com/blog/x509certificate2
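An added example, not code from the answer above or the linked article: it imports a PFX with the persisting flags from Solution 2 and then probes whether the private key behind a certificate in LocalMachine\My can actually be used, which is the condition the 0x8009030d error reports as failed. The class and method names are hypothetical, the thumbprint is assumed to come from the command line, and `Exportable` is left out because persisting the key does not require it.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CertKeyCheck   // hypothetical helper, Windows only
{
    // Import so the key is written to the machine key store and stays there
    // after the X509Certificate2 object is disposed. Needs administrator rights.
    public static string ImportPersisted(string pfxPath, string password)
    {
        var flags = X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet;
        using var cert = new X509Certificate2(pfxPath, password, flags);
        using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        store.Add(cert);
        return cert.Thumbprint;
    }

    // True when the calling identity can use the private key; fault says why not.
    public static bool TryUsePrivateKey(string thumbprint, out string fault)
    {
        fault = "";
        using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
        if (found.Count == 0) { fault = "certificate not in LocalMachine\\My"; return false; }
        var cert = found[0];
        if (!cert.HasPrivateKey) { fault = "no private key associated"; return false; }
        try
        {
            using RSA rsa = cert.GetRSAPrivateKey();
            if (rsa == null) { fault = "private key is not RSA"; return false; }
            // Signing forces the provider to open the stored key, so a missing
            // key file or a denied ACL surfaces here instead of in the TLS handshake.
            rsa.SignData(Encoding.ASCII.GetBytes("probe"), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return true;
        }
        catch (CryptographicException ex)
        {
            fault = $"key not usable: 0x{ex.HResult:X8} {ex.Message}";
            return false;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: CertKeyCheck <thumbprint>"); return 2; }
        bool ok = TryUsePrivateKey(args[0], out string fault);
        Console.WriteLine(ok ? "private key usable" : fault);
        return ok ? 0 : 1;
    }
}
```

The probe only tests access for the identity it runs under, so schedule it under the account that has to read the key.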

Solution 3

By editing the permissions on C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys, I have resolved the same issue. Thanks.

Author by

Gecko


Updated on January 27, 2021

Comments

  • Gecko
    Gecko over 3 years

    Sometimes, mostly at nighttime, our SSL certificates just stop working. The error accompanying this fault is:

    A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

    To solve this at the moment, we just change the SSL binding of the faulting website to a different site, save it and switch it back. That way, the certificate is picked up again and works (magic).

    The question is: How can we prevent this from happening? Every time this happens (now twice in the last 6 months), the sites are down.

  • Artiom
    Artiom almost 8 years
    I had the same issue, and it happened every 3 hours! At least every day... I spent too much time resolving such a stupid problem, and yes, I used the same solution :) Now the question is: which of these 3 scenarios fixed my problem? And the second: how to apply these fixes programmatically?
  • NitrusCS
    NitrusCS over 6 years
    I tried the X509Certificate2 cert = new X509Certificate2(file, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable); solution and the private key still disappears after about 30-40 minutes.
  • Dharmesh Tailor
    Dharmesh Tailor about 6 years
    Applied permission to the folder "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" and it worked.
  • Sabito 錆兎 stands with Ukraine
    Sabito 錆兎 stands with Ukraine over 3 years
    Links to external resources are encouraged, but please add context around the link so your fellow users will have some idea what it is and why it's there. Always quote the most relevant part of an important link, in case the target site is unreachable or goes permanently offline. Answers that are little more than a link may be deleted.