
Error: 'ID1039: The certificate's private key could not be accessed

Tags: c#, ssl, azure

I am implementing ADFS authentication in Azure but I face the following problem:

An exception of type 'System.Configuration.ConfigurationErrorsException' occurred in System.IdentityModel.Services.dll but was not handled in user code

Additional information: ID1024: The configuration property value is not valid.

Property name: serviceCertificate

Error: 'ID1039: The certificate's private key could not be accessed. Ensure the access control list (ACL) on the certificate's private key grants access to the application pool user.

Thumbprint: 'df113454dsf1321(value here I changed the value)''

When I right-click the certificate and then click All Tasks, it does not show me the option for Manage Private Keys to give access to the IIS user. How do I fix the problem? web.config file contents:

<serviceCertificate>
        <certificateReference x509FindType="FindByThumbprint" findValue="dfdsfdfdf(here I changed the value)" storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>
user3424829 asked Feb 17 '15 12:02


1 Answer

I was getting the same issue. The fix is to allow the AppPool user (NETWORK SERVICE) to read the certificate's private key.

  • Open the MMC snap-in by running mmc.exe.
  • Select File -> Add/remove snap-in. Select Certificates and click “Add”.
  • Select “Computer Account”. Click Finish. Click Next.
  • Drill down to Personal -> Certificates.
  • Right-click your certificate and select All Tasks -> Manage private keys.
  • Add NETWORK SERVICE and give it “read” privileges.

Thanks, Shivesh

Shivesh Das answered Nov 04 '22 07:11
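A scripted equivalent of the MMC steps in the answer above, as an added example that is not part of the original question or answer. It also checks whether the certificate has a private key in the store at all, since there is nothing to grant access to without one. Assumptions: an elevated PowerShell session, an RSA key stored in software (not on an HSM or smart card), and a placeholder thumbprint that you replace with the findValue from web.config.

```powershell
# Added example. Placeholder thumbprint: use the findValue from web.config.
$thumbprint = '<CERT-THUMBPRINT>'
$account    = 'NT AUTHORITY\NETWORK SERVICE'   # app pool identity named in the answer

# Same store the web.config references: storeLocation=LocalMachine, storeName=My.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop

# A certificate imported without its key (for example from a .cer file)
# has no private key on this machine, so no ACL exists to change.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key in this store; import it from a .pfx."
}

# GetRSAPrivateKey() returns RSACng for CNG keys and
# RSACryptoServiceProvider for legacy CSP keys; both expose the key file name.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw "No RSA private key could be opened for $thumbprint." }

if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# Machine keys live under ProgramData\Microsoft\Crypto
# (RSA\MachineKeys for CSP keys, Keys for CNG keys).
$cryptoRoot = Join-Path $env:ProgramData 'Microsoft\Crypto'
$keyFile = Get-ChildItem -Path $cryptoRoot -Recurse -File -Filter $keyName -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $keyFile) { throw "Key file '$keyName' not found under $cryptoRoot." }

# Grant Read only, matching the "read" privilege in the answer.
$acl  = Get-Acl -Path $keyFile.FullName
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile.FullName -AclObject $acl

# Print the resulting ACL so the grant can be verified.
(Get-Acl -Path $keyFile.FullName).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

If the application pool runs under a different identity, set `$account` to that identity instead; the Read grant is all the ID1039 message asks for.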