Reputation: 21601
Why is access denied when installing SSL cert on IIS 5?
I'm working with a support person who is supposed to be able to install SSL certs on a web server he maintains. He has local admin rights to the server via a domain security group. He also has permissions on our internal CA running Windows 2003 Server Certificate Authority: "Request cert" and "Issue and Manage certs".
The server he's working with is running Windows 2000 SP4 / IIS 5. When he attempts to create an online server cert the IIS wizard ends with "Failed to install. Access is Denied.". The event viewer is not working properly, so I can't find any details there. I suspect the permission issue is locally and not with the CA.
My account is a domain admin account and I know I am able to do this operation, however I need to make this work for others that are not domain admins.
Any ideas why he can't perform this operation?
Upvotes: 3
Views: 16763
Answers (2)
Reputation: 2169
If you're renewing a certificate, then it's possible that you imported your new intermediate certificate (.pb7) before removing your existing (expired) certificate from IIS. You would get an access denied error because both the old and new certificates are for the same domain.
So by the time you get this access denied error, there are three things you must do.
- Remove all certificates for this domain name from IIS, including the new one you just imported..
- Go back to Console1, and remove the certificate for your domain name from Local Computer\Certificate Enrollment Requests\Certificates.
- Start over.
Upvotes: 2
Reputation: 129
I had this exact same issue a few months ago when I was setting up a cert for a client.
There's a MachineKeys folder that the Administrator need rights -
\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
give Administrator (or the Administrator group) Full Control over this directory. I don't think you have to restart IIS, but it never hurts .
I have no idea why Admin doesn't control this as default. Once this is changed, the Certificate Creation Wizard will successfully generate the certificate request.
I think there's even a Microsoft KB article about it somewhere.
EDIT: Here's the KB article : http://support.microsoft.com/kb/908572
-Jon
Upvotes: 6
Related Questions
- IISRESET windows 10 (IIS 10) Access denied
- 403 - forbidden access is denied. IIS
- "The RSA key container could not be opened" Error even after ACL Permission (for some users)
- Certificate Installation Access Denied Error
- Web.Config - Cannot read configuration file due to insufficient permissions
- ASP.NET IIS 7.5 Error, Access Denied
- SSL certificate is not installing
- Cannot Start IIS on my PC: COM+ System Application: Access is Denied
- Applying SSL certificate in IIS manager and "The process cannot access the file because it's being used by another process" error
- Forbidden 403 error when attaching client certificate