Copied from random places:
- Tool: SSL Diagnostics, available from Microsoft.
Very powerful tool for debuging SSL related problems. Highly recommended if you are having trouble with SSL on IIS.
- This command is for repairing the private key asscoiated with a cert. Usefull when the pk is shown as corrupted or missing.
certutil -repairstore my “SerialNumber”
More info about privatekeys: http://support.microsoft.com/kb/889651/
- If you see this in SSL diagnostics (Like the one i saw today..):
#WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed’.
The cure is here 🙂
1. Set the correct permission for Machinekey folder C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
2. Grant administrator and system Full Control Permissions. You should check ‘Replace permission entries on all child objects with entries shown here that apply to child objects’ check box on the ‘Advanced’ dialog.
3. Restart IIS (IIS manager > All Tasks > Restart IIS…)
Thanks to those info & tools I finally solved the damn SSL cert problem on my TMS sever today, yeah~