NerdyHearn - Blog


Resolving IIS SSL Handshake Error

Sunday, February 13th, 2011

We recently came across an issue in which all new SSL certificate applications were failing and presenting users with an SSL handshake error. IIS was accepting the certificates properly, but there was still an error on the user end.

After a lot of further investigation and a support call from Microsoft, we determined that someone had revoked permissions on the following path:

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

Resetting to the default permissions on this directory resolved the issue. More information on the required default permissions can be found in "Default permissions for the MachineKeys folders", Article ID: 278381.

We used a tool called SSLDiag, which is part of the IIS 6.0 Resource Kit tools and freely available from Microsoft, to get a more detailed error report. It reported “CryptAcquireCertificatePrivateKey failed”. The context under which IIS is running could not access its private key. We used the information in the above knowledge base article to check, then subsequently correct, the permissions on the MachineKeys folder.
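The same check can be scripted. The following PowerShell is an added example, not part of the original post or of SSLDiag: it lists the ACL on the MachineKeys folder and then tries to open the private key of every certificate in the LocalMachine\My store. It assumes PowerShell is installed on the server and uses the folder path given above; the variable names are illustrative. The key-open test runs as the account that starts the script, so use the ACL listing to judge what other identities, such as the IIS service context, can reach.

```powershell
# Added example: audit access to machine-store certificate private keys.
# Folder path as given in the post (Windows Server 2003 profile layout).
$machineKeys = 'C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys'

# 1. Show which identities currently hold rights on the folder itself.
#    Compare this output with the defaults listed in KB article 278381.
(Get-Acl -Path $machineKeys).Access |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize

# 2. For each certificate in LocalMachine\My, try to open its private key.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
try {
    foreach ($cert in $store.Certificates) {
        if (-not $cert.HasPrivateKey) { continue }   # nothing to acquire

        $keyFile = $null
        try {
            # Reading PrivateKey throws when the key container cannot be
            # opened, which is the condition SSLDiag reported.
            $key = $cert.PrivateKey
            if ($key -eq $null) {
                $status = 'No CSP key object returned'
            } else {
                $container = $key.CspKeyContainerInfo.UniqueKeyContainerName
                $keyFile   = Join-Path $machineKeys $container
                if (Test-Path $keyFile) { $status = 'OK' }
                else { $status = 'Key file not found in MachineKeys' }
            }
        } catch {
            $status = 'FAILED: ' + $_.Exception.Message
        }

        # One result row per certificate.
        New-Object PSObject -Property @{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Status     = $status
            KeyFile    = $keyFile
        }
    }
} finally {
    $store.Close()
}
```

For a row that reports `OK`, running `Get-Acl` on the `KeyFile` path shows the permissions on that individual key file, which can differ from those on the folder.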

This was a unique issue and the first time I ever ran across this. Hope this helps some of you out.

IISin' Tom Out.

