NerdyHearn - Blog



Resolving IIS SSL Handshake Error

Sunday, February 13th, 2011

We recently came across an issue in which all new SSL certificate applications were failing and presenting users with an SSL Handshake error. IIS was accepting the certificates properly, but there was still an error on the user end.

Upon a lot of further investigation and a support call from Microsoft we determined that someone had revoked permissions on the following path:

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

Resetting to the default permissions on this directory resolved the issue. More information on the required default permissions can be found in "Default permissions for the MachineKeys folders", Article ID: 278381.

We used a tool called SSLDiag, which is part of the IIS 6.0 Resource Kit tools and freely available from Microsoft, to get a more detailed error report. It reported “CryptAcquireCertificatePrivateKey failed”. The context under which IIS is running could not access its private key. We used the information in the above knowledge base article to check, then subsequently correct, the permissions on the MachineKeys folder.
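A scripted version of that permission check, as an added example that is not part of the original post or of SSLDiag: it prints the MachineKeys folder ACL for comparison with the knowledge base article, then maps each certificate in the LocalMachine\My store to its key file and reports whether the key can be acquired and which expected identities lack an Allow entry. The `$ExpectedIdentities` list and the CSP-key assumption are illustrative, and the acquisition test runs as the account executing the script, not as the IIS context.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Assumption: CSP-backed RSA keys, whose key files live in the MachineKeys folder.
param(
    [string]$MachineKeys = 'C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys',
    # Assumed identities to look for on each key file; adjust to your IIS context.
    [string[]]$ExpectedIdentities = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

# 1. Folder ACL, to compare by eye against the defaults listed in KB 278381.
"ACL on $MachineKeys"
(Get-Acl -Path $MachineKeys -ErrorAction Stop).Access |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, InheritanceFlags -AutoSize |
    Out-String

# 2. For every machine certificate with a private key, find its key file and check it.
$results = foreach ($cert in (Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.HasPrivateKey })) {
    $row = New-Object PSObject -Property @{
        Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
        KeyFile = $null; Missing = $null; Status = 'OK'
    }
    try {
        # Throws (e.g. "Keyset does not exist") when the current account cannot open the key.
        $key = $cert.PrivateKey
        if ($null -eq $key) { throw 'PrivateKey returned null (possibly not a CSP key)' }

        # The unique container name is the file name inside MachineKeys.
        $row.KeyFile = $key.CspKeyContainerInfo.UniqueKeyContainerName
        $acl = Get-Acl -Path (Join-Path $MachineKeys $row.KeyFile) -ErrorAction Stop

        # Identities holding at least one Allow entry on the key file.
        $allowed = @($acl.Access |
            Where-Object { $_.AccessControlType -eq 'Allow' } |
            ForEach-Object { $_.IdentityReference.Value })
        $row.Missing = @($ExpectedIdentities | Where-Object { $allowed -notcontains $_ }) -join ', '
        if ($row.Missing) { $row.Status = 'Expected identity has no Allow entry' }
    } catch {
        $row.Status = "Key not accessible: $($_.Exception.Message)"
    }
    $row
}

$results | Select-Object Subject, Thumbprint, KeyFile, Missing, Status | Format-List
```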

This was a unique issue and the first time I ever ran across this. Hope this helps some of you out.

IISin' Tom Out.
