I have a WinForms application that consumes a WCF service and passes a certificate as a parameter to a function:
mySvcClient.SendDocument(cert.Export(X509ContentType.SerializedCert, "password")); ...
In the WCF service, I recreated the certificate from the array of bytes:
public void SendDocument(byte[] binaryCert)
{
    X509Certificate2 cert = new X509Certificate2(binaryCert, "password");
    ...
But when using the certificate to sign an XML document, I got the error "Keyset does not exist":
if (cert.HasPrivateKey) // WORKS!!!
{
    signedXml.SigningKey = cert.PrivateKey; // THROW "keyset does not exist" EXCEPTION
    ...
On my computer, the application works 100%! But on the web server, I get this error!
The question is: even when the X509Certificate2 is recreated from an array of bytes, do I need some special permission to access the private key?
Thank you!
I was getting the error CryptographicException 'Keyset does not exist' when I ran the MVC application. The solution was to give access to the personal certificates to the account that the application pool is running under. In my case, adding IIS_IUSRS and choosing the right location resolved this issue.
Step 1: Go to the folder C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA.
Step 2: Open the properties for the MachineKeys folder and go to the Security tab.
Step 3: Provide "Read & execute" and "List folder contents" permissions for the IUser and Network Service accounts.
If you are using Windows Server 2008 or Windows 7, then you need the permission to read the private key.
FindPrivateKey My LocalMachine -n "CN=MyCert" -a
It returns the path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\[File Name]
Go to that path and open file properties
Go to security tab
Click on "Edit" then "Add"
In the opened dialog, write: IIS AppPool\[your application pool name] and click OK
Now your application pool has permission to read this private key.
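
The steps in the answer above (locate the private key file, then grant the application pool identity read access), scripted in PowerShell as an added example that is not part of the original answers. `CN=MyCert` is the answer's sample subject, `MyAppPool` is a placeholder pool name, and the script assumes an RSA key in the LocalMachine\My store and an elevated prompt.

```powershell
# Added example: grant one IIS application pool identity Read access to the
# private key file of a certificate in LocalMachine\My. Run elevated.
param(
    [string]$Subject     = 'CN=MyCert',   # sample subject from the answer above
    [string]$AppPoolName = 'MyAppPool'    # placeholder: your application pool name
)

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for '$Subject' in LocalMachine\My" }

# Resolve the key container's file name. Depending on the .NET version the key
# object is RSACng (file name in Key.UniqueName) or RSACryptoServiceProvider
# (file name in CspKeyContainerInfo.UniqueKeyContainerName).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'The certificate does not have an RSA private key.' }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $fileName = $rsa.Key.UniqueName
} else {
    $fileName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# Machine keys live in one of these folders (legacy CSP keys vs. CNG keys).
$keyFile = @(
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
    "$env:ProgramData\Microsoft\Crypto\Keys"
) | ForEach-Object { Join-Path $_ $fileName } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Key file '$fileName' not found in the machine key folders." }

# Grant Read only, and only to this pool's virtual account.
$identity = "IIS AppPool\$AppPoolName"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
$acl = Get-Acl -Path $keyFile
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# Show the resulting entry so the change can be confirmed.
(Get-Acl -Path $keyFile).Access |
    Where-Object { $_.IdentityReference -like "*\$AppPoolName" } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

The grant is scoped to a single key file and a single pool identity, so other application pools on the same server still cannot read the key.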
I have faced this issue. My certificates had a private key, but I was getting this error ("Keyset does not exist").
Cause: Your web site is running under the "Network services" account or has fewer privileges.
Solution: Change the application pool identity to "Local System", reset IIS and check again. If it starts working, it is a permission/less-privilege issue; you can then impersonate using other accounts too.