Cannot create self-signed SSL certificate with IIS 7

certificateiis-7ssl-certificate

I'm trying to create a self-signed certificate from within the IIS 7 snap-in, with little luck. When prompted for a friendly name for the certificate, I type in the name, and click OK, but then I am shown:

There was an error while performing this operation. Details: Access is denied.

I am doing this while logged on with an account with full administrative privileges.

Any ideas?

Best Answer

Check the permissions on the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder. On my domain joined W2k8 member server the permissions are set like so:

Everyone
List folder / read data
Read attributes
Read extended attributes
Create files /write data
Create folders / append data
Write attributes
Write extended attributes
Read permissions
This folder only

SERVER\Administrators Full Control This folder only

No inheritance

Additionally, all of the files in this folder have their own permissions. You may want to see if your self signed cert is being created and deleted when the access denied error appears.

Best Answer

Related Solutions

Iis – SSL certificate on IIS 7

Ssl – Installing SSL Certificate for use in IIS7, installation “works”, but cert listing disappears

Related Topic