Reputation: 1728
Having a strange issue with CCS in Server 2012 R2.
Some certificates in the store do not display properly when the store is viewed in the management console. They have a red X to the left of their names, no data in the info columns, and a message in the upper right of the console saying, "The system cannot find the file specified." Others display just fine. The really strange part is they actually function normally and are served up by IIS just fine. You can also double click them from within the cert store and view all the information including the little message indicating, "You have a private key that corresponds to this certificate."
I am curious if there is something strange about these wildcard certs but I definitely haven't noticed anything. Even though they technically work, I do not like the idea of putting this into production without finding an answer to this.
Upvotes: 2
Views: 2237
Reputation: 51
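It helped me with a similar issue on Win 2016:
# Password that will protect the re-exported PFX
$mypwd = ConvertTo-SecureString -String "PLACE_PFX_PASSWORD_HERE" -Force -AsPlainText
# Load the PFX with explicit key storage flags.
# Resolve-Path gives .NET a full path, since its working directory can differ from PowerShell's location.
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import((Resolve-Path "cert.pfx").Path, "PLACE_PFX_PASSWORD_HERE", "Exportable,PersistKeySet,MachineKeySet")
# Write the certificate and its private key back out (this overwrites cert.pfx)
Export-PfxCertificate -Cert $pfx -FilePath cert.pfx -Password $mypwd
After importing the certificate from the PFX with the flags "Exportable,PersistKeySet,MachineKeySet" and exporting it back to PFX, the new file was successfully recognized by the IIS Centralized Certificate Store.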
Upvotes: 5
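The same import and re-export applied to a whole folder of PFX files, as an added example that is not part of the original answer. It assumes Windows PowerShell 5.1 in an elevated session and one shared password for all files; the function name Repair-CcsPfx and the folder paths are hypothetical.

```powershell
# Added example (not from the thread): re-export every PFX in a staging folder
# with the key storage flags used in the answer above, and report the result per file.
function Repair-CcsPfx {
    param(
        [Parameter(Mandatory)] [string] $SourceDir,        # folder holding the original PFX files
        [Parameter(Mandatory)] [string] $OutputDir,        # folder that receives the re-exported copies
        [Parameter(Mandatory)] [securestring] $Password    # assumed identical for every file
    )
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags] 'Exportable,PersistKeySet,MachineKeySet'
    New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null

    foreach ($file in Get-ChildItem -Path $SourceDir -Filter *.pfx -File) {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
        try {
            # FullName avoids relying on the .NET working directory.
            $cert.Import($file.FullName, $Password, $flags)
            if (-not $cert.HasPrivateKey) { throw 'PFX contains no private key' }

            # Originals are left untouched; copies keep the same file name.
            $target = Join-Path $OutputDir $file.Name
            Export-PfxCertificate -Cert $cert -FilePath $target -Password $Password | Out-Null

            [pscustomobject]@{ File = $file.Name; Subject = $cert.Subject
                               NotAfter = $cert.NotAfter; Status = 'Re-exported' }
        }
        catch {
            # Wrong password, corrupt file or missing key: record it and continue.
            [pscustomobject]@{ File = $file.Name; Subject = $null
                               NotAfter = $null; Status = "Failed: $($_.Exception.Message)" }
        }
        finally {
            $cert.Reset()   # release the in-memory certificate handle
        }
    }
}

# Usage (hypothetical paths): prompt for the password instead of embedding it in the script.
# $pw = Read-Host -AsSecureString -Prompt 'PFX password'
# Repair-CcsPfx -SourceDir 'C:\staging\pfx' -OutputDir 'C:\staging\pfx-fixed' -Password $pw | Format-Table -AutoSize
```

Because of PersistKeySet, the imported private keys stay in the machine key store of the host that runs the function, so run it on a host where those keys are allowed to live and remove the key containers afterwards if they are not.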
Reputation: 41
In some situations the problem can be fixed by setting the "Load User Profile" parameter to true in the pool configuration, allowing the account partial loading of the user profile and some other operations, like temporary file creation in the user's specific folders.
Upvotes: 0
Reputation: 3832
Thanks. Wasted hours of my time doing this as well with exactly the same problem. Please note that if you give the account which is accessing the share Admin access, then it will work even with those certificates exported with OpenSSL.
Upvotes: 0
Reputation: 1728
So, after further experimentation, it would appear this had something to do with how the certs were assembled/exported via openssl in Linux. Since they were valid, working certs, I manually installed them on a Windows system and then re-exported them with the same password and put them into the CCS folder. While the properties appear the same, these new PFX files now display properly when viewing them in the CCS.
Upvotes: 0