WCF Error : 'It is likely that certificate 'my cert' may not have a private key that is capable of key exchange


Solution 1

I had this problem, and it turned out that the account the service was running under did not have permissions to access the certificate's private key.

Here are the steps I used to solve it:

  • Start the Certificate manager. Do this by running MMC, activate [File]-[Add/Remove Snap-in...], then add "Certificates", selecting "Computer Account" and "Local Computer" in the ensuing wizard dialogs.
  • In the certificate manager, right-click on the relevant certificate and activate [All Tasks]-[Manage Private Keys]
  • This gives you a permissions window. Click Add
  • Add the account name or group that this service runs under.
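The same permission grant scripted in Windows PowerShell, as an added example that is not part of the original answer: it finds the certificate by thumbprint in the machine's Personal store, locates the private key file on disk, and grants the service identity Read access (the scripted equivalent of the MMC steps above). The thumbprint and account name are placeholders to replace; run it from an elevated Windows PowerShell 5.1 session.

```powershell
# Added example, not part of the original answer. Grants a service account
# read access to a certificate's private key; the scripted equivalent of
# MMC > Certificates > All Tasks > Manage Private Keys. Run elevated.
$Thumbprint = 'ABCDEF0123456789ABCDEF0123456789ABCDEF01'   # placeholder: your certificate's thumbprint
$Account    = 'IIS APPPOOL\DefaultAppPool'                  # placeholder: the identity the WCF service runs under

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    throw "Certificate $Thumbprint was not found in Cert:\LocalMachine\My"
}
# A .cer import carries no private key at all, which is also why "Manage Private Keys"
# does not appear in MMC for such a certificate.
if (-not $cert.HasPrivateKey) {
    throw "Certificate has no private key; import the .pfx, not the .cer"
}

# Find the key container's unique file name. CSP (CryptoAPI) keys expose it through
# CspKeyContainerInfo; CNG keys through the CngKey's UniqueName.
$keyName = $null
try {
    $keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
} catch { }
if (-not $keyName) {
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) { $keyName = $rsa.Key.UniqueName }
}
if (-not $keyName) { throw "Could not determine the private key container name" }

# Machine keys live under %ProgramData%\Microsoft\Crypto (RSA\MachineKeys for CSP, Keys for CNG).
$keyFile = Get-ChildItem -Path (Join-Path $env:ProgramData 'Microsoft\Crypto') -Recurse -Filter $keyName -File -ErrorAction SilentlyContinue |
           Select-Object -First 1
if (-not $keyFile) { throw "Key file $keyName not found under $env:ProgramData\Microsoft\Crypto" }

# Grant Read only. Signing and decrypting with the key need nothing more, and
# Full Control would let the account re-ACL or delete the key.
$acl  = Get-Acl -Path $keyFile.FullName
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile.FullName -AclObject $acl

# Show the resulting entry so the grant can be confirmed.
(Get-Acl -Path $keyFile.FullName).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Read is all the service needs to use the key; granting Full Control, which is what the MMC dialog offers by default when you add a principal, also lets that account change the ACL or delete the key.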

Solution 2

It seems your certificate was created for signatures and not key exchange, which I suppose is normal for SSL certificates.

If you look at the makecert documentation, you can see that the -sky switch lets you specify whether the certificate should be used for signatures or key exchange. You can try to create a self-signed certificate with type exchange and test whether the exception still occurs. Don't forget to put the self-signed certificate into the machine's trusted root certification authority folder in order to avoid exceptions that the certificate is not valid.
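The self-signed test certificate this answer suggests, created with Windows PowerShell as an added example that is not part of the original answer. makecert is deprecated, so the block uses New-SelfSignedCertificate with -KeySpec KeyExchange (the counterpart of makecert -sky exchange), confirms the key type that was produced, and places the certificate in the machine's Trusted Root store as the answer recommends. The subject name is a placeholder; run it elevated in Windows PowerShell 5.1 on Windows 10 / Server 2016 or later.

```powershell
# Added example, not part of the original answer. Creates a self-signed certificate
# whose private key is an exchange key (makecert's "-sky exchange"), verifies the
# KeySpec, and trusts the certificate on this machine. Run elevated.
#
# The makecert form the answer refers to would be:
#   makecert -r -pe -n "CN=wcf-test.example.local" -sky exchange -ss My -sr LocalMachine
# New-SelfSignedCertificate is its supported replacement.
$params = @{
    Subject           = 'CN=wcf-test.example.local'   # placeholder subject
    CertStoreLocation = 'Cert:\LocalMachine\My'
    KeyAlgorithm      = 'RSA'
    KeyLength         = 2048
    KeySpec           = 'KeyExchange'                  # exchange key, not signature-only
    KeyExportPolicy   = 'Exportable'
    # A CSP (CryptoAPI) provider: KeySpec is a CryptoAPI concept and only applies to CSP keys.
    Provider          = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
    NotAfter          = (Get-Date).AddYears(1)
}
$cert = New-SelfSignedCertificate @params

# Verify what was produced. For a CSP key, CspKeyContainerInfo.KeyNumber is Exchange or Signature.
$rsa = $cert.PrivateKey
if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $info = $rsa.CspKeyContainerInfo
    "{0}  KeySpec={1}  Provider={2}" -f $cert.Thumbprint, $info.KeyNumber, $info.ProviderName
} else {
    "Private key is not exposed as a CSP key; KeySpec does not apply"
}

# Put the self-signed certificate in Trusted Root Certification Authorities so the
# chain validates, as the answer notes. Only do this for a test certificate.
$root = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$root.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$root.Add($cert)
$root.Close()
```

The verification line is the useful part: it tells you whether an existing certificate's key is Signature or Exchange, so you can check the certificate you already have before creating a new one.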

Solution 3

Same problem here. To fix the problem I added the following line to the <system.web> node of the web.config.

<httpRuntime targetFramework="4.7.2"/>

Author: Bill Martin

Updated on July 05, 2022

Comments

  • Bill Martin
    Bill Martin almost 2 years

    I have a WCF service I'm trying to host on our production web server (IIS6). I've set the web up and tied our cert to the web. When I try to browse to the service url, I receive the following error in the event log :

    The exception message is: It is likely that certificate 'CN=.mydomain, OU=Secure Link SSL Wildcard, OU=I.T., C=US' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail.. ---> System.ArgumentException: It is likely that certificate 'CN=.mydomain.com, OU=Secure Link SSL Wildcard, OU=I.T., O=mydomain, C=US' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail. ---> System.Security.Cryptography.CryptographicException: The handle is invalid.

    I've confirmed ASP.Net 1.1, 2, and 4 are all set to 'Allow' in 'Web Service Extensions'. I've also confirmed the cert is set up in iis and it shows 'You have a private key that corresponds to this certificate'. Also, Execute Permissions are set to 'Script and Executables'.

  • Bill Martin
    Bill Martin over 11 years
    Used makecert, created a cert with the exchange param and imported. Updated the web.config to point to the new cert and getting the same error. Anything else I can try?
  • Ilaria
    Ilaria about 7 years
    When I checked Manage Private Keys I saw my user has permissions, but I am still getting this error?
  • AH.
    AH. almost 6 years
    I don't see "Manage Private Keys" anywhere in MMC when right-clicking the certificate.
  • Gromer
    Gromer over 5 years
    This saved me this morning. Thanks!!
  • L C
    L C over 5 years
    Had that problem during a product roll-out with a new certificate. Really helped me out of s***. Thx buddy!
  • M. Boeckx
    M. Boeckx over 4 years
    @AH. Be sure to run MMC as an administrator. Try right clicking on a key in the personal store and see if the option shows up there. Also make sure you're using a .pfx certificate, not a .cer one.