IIS Server Security - SSL Request File

Author

SSL Request File - Access Denied

Mike

2005-10-05, 9:03 pm

We have a Windows 2003 Web Edition server that up until recently has run fine
hosting many sites that use SSL certificates. Now when we try to create a
certificate request file in IIS6 we get an Access is Denied error on the last
step.

Using IIS6 we go to properties for the domain, then to Directory Security,
then to Server Certificate, once there we fill the the information but when
it gets to the very last step where it saves the file we get the Access is
Denied error. We're logged in as the administrator, and have tried saving it
to many different locations, all with the same error.

To try and get around the error we created the domain on another server and
completed the certificate request, installed the certificate, then exported
it and imported it into the Win2003 box, but we get "An internal error
occured. This can be either the user profile is not accessable or the private
key that you are importing might require a cryptographic service provider
that is not installed on your system".

The certificate issuer is Comodo (InstantSSL), and we have many other sites
running their certificates on this server.

Any ideas?

Thanks,
--
Mike

Steve Schofield

2005-10-06, 2:49 am

You might need to install the root and intermediate certs on the box
locally.
I would check the vendors website to verify what should be on the server.

--
Thank you,

Steve Schofield
Microsoft MVP - ASP/ASP.NET
ASPInsider Member - MCP

http://www.orcsweb.com/
Managed Complex Hosting
#1 in Service and Support

"Mike" <Mike@discussions.microsoft.com> wrote in message
news:3CDD9BB4-503A-466B-860D-C2F93FFEE9BF@microsoft.com...
> We have a Windows 2003 Web Edition server that up until recently has run
> fine
> hosting many sites that use SSL certificates. Now when we try to create a
> certificate request file in IIS6 we get an Access is Denied error on the
> last
> step.
>
> Using IIS6 we go to properties for the domain, then to Directory Security,
> then to Server Certificate, once there we fill the the information but
> when
> it gets to the very last step where it saves the file we get the Access is
> Denied error. We're logged in as the administrator, and have tried saving
> it
> to many different locations, all with the same error.
>
> To try and get around the error we created the domain on another server
> and
> completed the certificate request, installed the certificate, then
> exported
> it and imported it into the Win2003 box, but we get "An internal error
> occured. This can be either the user profile is not accessable or the
> private
> key that you are importing might require a cryptographic service provider
> that is not installed on your system".
>
> The certificate issuer is Comodo (InstantSSL), and we have many other
> sites
> running their certificates on this server.
>
> Any ideas?
>
> Thanks,
> --
> Mike
>

Mike

2005-10-06, 7:51 am

I had already tried that without any success, then someone emailed me this
information:

“It turns out the permissions on \Documents and settings\All
Users\Application Data\Microsoft\Crypto\RSA\Machinekeys weren't set correctly
-- so I gave Administrator full access to that folder, and Everyone List
Folder / Read Data, Read Attributes, Read Extended Attributes, Create Files /
Write Data, Create Folders / Append Data, Write Attributes, Write Extended
Attributes and Read Permissions.”

And that fixed it. Thanks for your help!

--
Mike

"Steve Schofield" wrote:

> You might need to install the root and intermediate certs on the box
> locally.
> I would check the vendors website to verify what should be on the server.
>
> --
> Thank you,
>
> Steve Schofield
> Microsoft MVP - ASP/ASP.NET
> ASPInsider Member - MCP
>
> http://www.orcsweb.com/
> Managed Complex Hosting
> #1 in Service and Support
>
> "Mike" <Mike@discussions.microsoft.com> wrote in message
> news:3CDD9BB4-503A-466B-860D-C2F93FFEE9BF@microsoft.com...
>
>
>