Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, February 20, 2012 2:11 AM
Hi,
I'm on a Server 2008 R2 box attempting to complete a certificate request with IIS 7. I browse to the *.cer file (GeoTrust), give it a Friendly Name, and click OK. I'm returned with: There was an error while performing the operation. Details: Access is denied. (Exception from HRESULT: 0x080070005 (E_ACCESSDEINED)) I'm logged in as an account with full domain admin privileges.
I followed the instructions here: http://toastergremlin.com/?p=432 but it hasn't fixed the problem.
Any ideas? Thanks in advance!
All replies (3)
Monday, February 20, 2012 6:39 AM âś…Answered
did you imported into the Personal store? Ok, then it looks like something got corrupted. I would just try the whole procedure again - just try importing again. If you are not yet successful, just do the whole request procedure again starting with the new request in IIS, enrolling in GeoTrust and importing back. GeoTrust allows you probably several cert requests/renewals for the single price, so you would not pay again probably.
Basically, I would first export/backup the request from MMC console as soon as it is generated by the IIS so that you can reimport it again after something goes wrong.
ondrej.
Monday, February 20, 2012 5:47 AM
when you start MMC and add the Certificates (local computer) snap-in, expand the Certificate Enrollment Requests container. Do you see the original request there? Does the properties of the request show that "You have the private key for this certificate"?
Now, just to be sure you have a backup and route back - export the request with its private key to a .PFX file.
After you have the backup - expand the Personal node of the Certificates MMC. Right-click to Import the .CER file that you received from GeoTrust.
Does this method works? Was the import successful? Do you now see the imported certificate in the Personal store of the Local Computer? Does the certificate say that "You have private key for this certificate"?
ondrej.
Monday, February 20, 2012 5:59 AM
Hi Ondrej,
When I open mmc and add the Certificates snap-in I can see two requests in there as per the attached picture. They are dated the same but one has a friendly name and the other does not.
I was able to export the certificate & private key for the one that did not have a friendly name, but when I tried to export the one with the friendly name it would now allow me to export the key with it.
I then imported the certificate I had received from GeoTrust but it does not show in the list in the Personal / Certificates tree. Also, I should add that this certificate is being used for a Remote Desktop Services gateway to allow users to connect in from home. When I generated the CSR I followed the IIS7 instructions on the GeoTrust website.
Thanks,
Blake
