Applies to: Internet Information Services 6.0, Internet Information Services 7.0 and later versions

Overview

This article helps you troubleshoot Secure Sockets Layer (SSL) issues related to Internet Information Services (IIS) only. It covers server certificates that are meant for server authentication, and doesn't cover client certificates.

If the Client certificates section is set to "Require" and then you encounter problems, then this isn't the article you should refer to. This article is meant for troubleshooting the SSL Server certificates issue only.

It's important to know that every certificate comprises a public key (used for encryption) and a private key (used for decryption). The private key is known only to the server.

It's assumed that you're well-versed in SSL Handshake and the Server Authentication process during the SSL handshake.

The tools used to troubleshoot the various scenarios are:

You see the following error message while browsing a website over HTTPS:

The first prerequisite that has to be checked is whether the website is accessible over HTTP. If it's not, there likely is a separate issue that's not covered in this article. Before using this troubleshooter, you must have the website operational on HTTP.

Now, let's assume the website is accessible over HTTP and the previous error message is shown when you try to browse over HTTPS. The error message is shown because the SSL handshake failed. There could be many reasons which are detailed in the next few scenarios.

Scenario 1

Check if the server certificate has the private key corresponding to it. See the following screenshot of the Certificate dialog:

If the private key is missing, then you need to get a certificate that contains the private key, which is essentially a.

Here's a command that you could try to run to associate the private key with the certificate:

    C:\>certutil -repairstore my "1a 1f 94 8b 21 a2 99 36 77 a8 8e b2 3f 42 8c 7e 47 e3 d1 33"

If the association is successful, then you would see the following window:

In this example, 1a 1f 94 8b 21 a2 99 36 77 a8 8e b2 3f 42 8c 7e 47 e3 d1 33 is the thumbprint of the certificate. Scroll down to find the thumbprint section. Select the thumbprint section and click on the text below. Do a Ctrl+A and then Ctrl+C to select and copy it.

The certutil command may not always succeed. If this fails, then you need to get a certificate containing the private key from the certification authority (CA).

In this scenario, consider that you have a server certificate that contains the private key installed on the website. However, you continue to see the error shown in scenario 1. You still can't access the website over HTTPS.

Resolution

Download and install SSL Diagnostics tool on the server. If you have a certificate that contains the private key and you're still unable to access the website, then try running this tool or check the system event logs for SChannel related warnings or errors.

While running the SSLDiag tool, you may see the following error message:

    You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed.

Additionally, the following SChannel warning will appear in the system event logs:

    Event Type: Error
    Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.

This event or error indicates that there was a problem acquiring the certificate's private key. So, try the following steps to resolve the warning:

First, verify the permissions on the MachineKeys folder. All the private keys are stored within the MachineKeys folder, so make sure you have the necessary permissions.

If the permissions are in place and if the issue is still not fixed, then there might be a problem with the certificate. You may see an error code of 0x8009001a in the following SChannel event log:

    Event Type: Error
    A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009001a.

Check if the website works with a test certificate. Take a backup of the existing certificate and then replace it with a self-signed certificate.
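
The checks from Scenario 1 and the private-key scenario that follows it, gathered into one read-only PowerShell script. This is an added example, not part of the original article: the MachineKeys path (the default on Windows Server 2008 and later) and the `Schannel` event provider name are assumptions, and the default thumbprint is the article's example value.

```powershell
# Added example: read-only checks only. Run in an elevated PowerShell on the IIS server.
param(
    # Thumbprint from the article's example; pass your own certificate's thumbprint.
    [string]$Thumbprint = '1a 1f 94 8b 21 a2 99 36 77 a8 8e b2 3f 42 8c 7e 47 e3 d1 33'
)

# Copying from the Certificate dialog can bring spaces and invisible characters along;
# keep hex digits only so the comparison with the store is exact.
$tp = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpper()
if ($tp.Length -ne 40) { throw "Expected 40 hex digits in the thumbprint, got $($tp.Length)." }

# Scenario 1: is the certificate in the computer's Personal ("my") store, with a private key?
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $tp }
if (-not $cert) {
    Write-Warning "No certificate with thumbprint $tp in LocalMachine\My."
} elseif (-not $cert.HasPrivateKey) {
    Write-Warning 'Private key missing: try certutil -repairstore, or get a certificate with its key from the CA.'
} else {
    # HasPrivateKey only says a key is associated. The next scenario is the case where
    # the key exists but cannot be acquired, so continue with the checks below.
    Write-Output "Private key is associated with: $($cert.Subject)"
}

# First resolution step: who has which rights on the MachineKeys folder?
# Assumption: default location on Windows Server 2008 and later.
$machineKeys = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
if (Test-Path -Path $machineKeys) {
    (Get-Acl -Path $machineKeys).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize
} else {
    Write-Warning "MachineKeys folder not found at $machineKeys."
}

# SChannel events in the System log that carry either error code named in the article.
# Assumption: the events are logged under the provider name 'Schannel'.
$codes = '0x80090016|0x8009001a'
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel' } `
        -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $codes } |
    Select-Object TimeCreated, Id,
        @{ Name = 'Code'; Expression = { [regex]::Match($_.Message, $codes, 'IgnoreCase').Value } } |
    Format-Table -AutoSize
```

A certificate that reports a private key here while 0x80090016 events keep appearing points at the MachineKeys permissions; 0x8009001a events with correct permissions point at the certificate itself.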