Cannot find a unique certificate that matches the criteria

Kjaneb · Jul 14, 2010 · Viewed 17.8k times

I am running into the following error when attempting to parse my token:

Property name: 'certificateReference'
Error: 'ID1025: Cannot find a unique certificate that matches the criteria.
StoreName: 'My'
StoreLocation: 'LocalMachine'
X509FindType: 'FindByThumbprint'
FindValue: '‎41a8a59e537d4a00a8c4fa8dc2522388dbd13d27'

The section in my web.config is:

<serviceCertificate>
    <certificateReference x509FindType="FindByThumbprint" findValue="‎41A8A59E537D4A00A8C4FA8DC2522388DBD13D27" storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>

I have confirmed the certificate exists in IIS, MMC and Internet Explorer and have tried changing the Find type to subject, to no avail. I have also tried the thumbprint in upper case, lower case, with spaces and without spaces. I have also confirmed the certificate exists in LocalMachine\My with the following results:

Matching certificate:
CN=kelly-pc

Additional accounts and groups with access to the private key include:

NT AUTHORITY\SYSTEM
BUILTIN\Administrators
KELLY-PC\Kelly
BUILTIN\IIS_IUSRS

Answer

Guish · Jul 17, 2013

I had exactly the same problem. By copying my web.config section into Notepad++ (not Notepad), I saw an invisible character:

<serviceCertificate>
        <certificateReference  x509FindType="FindByThumbprint" findValue="?e36df2f3e351a25adf8ffb6ad3619f10238f0317" />
</serviceCertificate>

Delete this character and it should work.

Without Notepad++, you can just press backspace in front of the thumbprint value (trying to delete the " char).
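
A way to run this check without relying on an editor, as an added example that is not part of the original answer: the script lists every non-hex code point found in each certificateReference findValue attribute and returns the cleaned thumbprint. The sample config and its thumbprint are constructed, and the hidden character is assumed to be U+200E (LEFT-TO-RIGHT MARK).

```python
import unicodedata
import xml.etree.ElementTree as ET

HEX_DIGITS = set("0123456789abcdefABCDEF")

# Constructed sample: a web.config fragment whose thumbprint starts with an
# invisible U+200E (assumed hidden character; the thumbprint is a placeholder).
SAMPLE_CONFIG = (
    "<serviceCertificate>"
    '<certificateReference x509FindType="FindByThumbprint" '
    'findValue="\u200e0123456789ABCDEF0123456789ABCDEF01234567" '
    'storeLocation="LocalMachine" storeName="My" />'
    "</serviceCertificate>"
)


def audit_thumbprints(config_xml):
    """Return one finding per certificateReference that has a findValue."""
    findings = []
    root = ET.fromstring(config_xml)
    for ref in root.iter("certificateReference"):
        raw = ref.get("findValue")
        if raw is None:
            continue
        # Every character that is not a hex digit, with its position and name,
        # so invisible code points show up even though an editor hides them.
        non_hex = [
            (pos, "U+%04X" % ord(ch), unicodedata.name(ch, "UNNAMED"))
            for pos, ch in enumerate(raw)
            if ch not in HEX_DIGITS
        ]
        cleaned = "".join(ch for ch in raw if ch in HEX_DIGITS).upper()
        findings.append({
            "raw_length": len(raw),
            "non_hex": non_hex,
            "cleaned": cleaned,
            # A SHA-1 thumbprint is 40 hex digits once stray characters are gone.
            "looks_like_sha1": len(cleaned) == 40,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_thumbprints(SAMPLE_CONFIG):
        print(finding)
```

A raw_length of 41 for a value that displays as 40 hex digits is the giveaway; paste the cleaned value back into findValue.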