Issue with Self Signed Cert in WCF - Must have Private Key

JoshBerke picture JoshBerke · Dec 5, 2008 · Viewed 15.1k times · Source

I am creating a WCF service hosted within IIS7 on Windows Vista SP1. I am getting the following error:

The certificate 'CN=SignedByLocalHost' must have a private key that is capable of key exchange. The process must have access rights for the private key.

It looks like I would need to give the host process assess to the certificate which was done in the past with winhttpcertcfg which has been deprecated for Vista. The article I found indicates to use the certificate console, but I am missing somethign because I don't see any capability to edit my cert.

Any help would be great!

Thanks

Answer

JoshBerke picture JoshBerke · Dec 5, 2008

Figured it out.

Assuming you have a self signed cert at c:\OutCert the following command will work. I had left off the -sky exchange.

makecert -sk SignedByCA -iv c:\OutCert.pvk -n "CN=MyLocalHost" -ic c:\OutCert.cer -sr LocalMachine -ss My -sky exchange pe

Now you can go into the MMC tool and manage the private keys and grant IIS access to the key. To manage private keys, right-click on the certificate and select All Tasks / Manage Private Keys.