<< Back To All Blogs
Resolving IIS SSL Handshake Error
Sunday, February 13th, 2011
We recently came across an issue which all new SSL certificate applications were failing and presenting users with an SSL Handshake error. IIS was accepting the certificates properly but there was still an error on the user end.
Upon a lot of further investigation and a support call from Microsoft we determined that someone had revoked permissions on the following path:
C:\Documents and Settings\All UsersApplication Data\Microsoft\Crypto\RSA\MachineKeys
Resetting to the default permissions on this directory resolved the issue. More information on the required default permissions can be found in "Default permissions for the MachineKeys folders", Article ID : 278381.
We used a tool called SSLDiag, which is part of the IIS 6.0 Resource Kit tools and freely available from Microsoft to get a more detailed error report. It reported “CryptAcquireCertificatePrivateKey failed”. The context under which IIS is running could not access its private key. We used the information in the above knowledge base article to check, then subsequently correct, the permissions on the MachineKeys folder.
This was a unique issue and the first time I ever ran across this. Hope this helps some of you out.
IISin' Tom Out.
Currently no comments.
Add A Comment
Email Address: (not public, used to send notifications on further comments)
Enter the text above, except for the 1st and last character: