
Issue with Self Signed Cert in WCF - Must have Private Key

I am creating a WCF service hosted within IIS7 on Windows Vista SP1. I am getting the following error:

The certificate 'CN=SignedByLocalHost' must have a private key that is capable of key exchange. The process must have access rights for the private key.

It looks like I would need to give the host process access to the certificate, which was done in the past with winhttpcertcfg, which has been deprecated for Vista. The article I found indicates to use the certificate console, but I am missing something because I don't see any capability to edit my cert.

Any help would be great!

Thanks

JoshBerke asked Dec 05 '08 17:12



2 Answers

Figured it out.

Assuming you have a self signed cert at c:\OutCert, the following command will work. I had left off the -sky exchange.

makecert -sk SignedByCA -iv c:\OutCert.pvk -n "CN=MyLocalHost" -ic c:\OutCert.cer -sr LocalMachine -ss My -sky exchange -pe

Now you can go into the MMC tool and manage the private keys and grant IIS access to the key. To manage private keys, right-click on the certificate and select All Tasks / Manage Private Keys.

JoshBerke answered Oct 17 '22 22:10


You can use IIS 7.0/7.5. Just go to Start -> Run -> inetmgr. Select the server. Under the "Security" panel, go to "Server Certificates". In the left pane, click "Create Self Signed Certificate" and complete the process. The certificate will get installed in the LocalMachine StoreLocation under the Personal store name. Now use this certificate in your WCF service and you will not face this error.

Nitin Pande answered Oct 17 '22 22:10