Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / October 2006

Tip: Looking for answers? Try searching our database.

WSE600: Unable to unwrap a symmetric key using the private key of.

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Stefan - 04 Jan 2006 14:34 GMT
...an X.509 certificate. Please check if the account 'FRAN0111\ASPNET' has
permissions to read the private key of certificate with subject name
'CN=PayService' and thumbprint....

I get this error message in the service input trace using
usernameForCertificate turnkey scenario with my own certificate which I
created using makecert:

makecert -a sha1 -n "CN=PayService" -ss my -sr LocalMachine -pe PayService.cer

I followed the suggestion in the error msg and added read (and write access)
for the private key. Everything seems to be identical to the sample
WSE2QuickStartServer certificate, which works fine.
My own certificate doesn't work.

Do you have any suggestions, what i Could do?
Reply to this Message
Wolf - 06 Jan 2006 16:56 GMT
Find the private key in this folder:

C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys

And give ASPNET account permissions to read it.

> ...an X.509 certificate. Please check if the account 'FRAN0111\ASPNET' has
> permissions to read the private key of certificate with subject name
[quoted text clipped - 12 lines]
>
> Do you have any suggestions, what i Could do?
Reply to this Message
Stefan - 10 Jan 2006 16:03 GMT
I had already done this (that's what you can do with the WSE 3 certificate
tool)
It point exactly to that RSA folder.
ASPNET has full control. The error message stays the same.
What else could be wrong?

> Find the private key in this folder:
>
[quoted text clipped - 19 lines]
> >
> > Do you have any suggestions, what i Could do?
Reply to this Message
Julie Lerman - 16 Jan 2006 19:24 GMT
just an FYI - I am having this same problem with a certificate on my web
server. NETWORK SERVICE now has FULL CONTROL and still I am getting the
message.

I did not have the problem on the client development machine however.

Stefan, have you verified that it is trying to get at the correct key? In
the error message, it should give you the SHA-1 hash key of the certificate.
You can compare that with the information on the certificate when you open
it up in the tool. When you have the "Select Certificate" window open you
can "View Certificate". The same key should be in the thumbprint property on
the Details page.

julie lerman

>I had already done this (that's what you can do with the WSE 3 certificate
> tool)
[quoted text clipped - 28 lines]
>> >
>> > Do you have any suggestions, what i Could do?
Reply to this Message
Julie Lerman - 16 Jan 2006 20:01 GMT
p.s. -
although I have no idea what I did differently, after much mucking, my web
server certificate is finally working.

> just an FYI - I am having this same problem with a certificate on my web
> server. NETWORK SERVICE now has FULL CONTROL and still I am getting the
[quoted text clipped - 44 lines]
>>> >
>>> > Do you have any suggestions, what i Could do?
Reply to this Message
Rogelio Tristan - 14 Oct 2006 00:14 GMT
I HAVE DISCOVERED THE SOLUTION!!!

ms-help://MS.WSE30.1033/WSE3.0/html/b5a8bce9-31a2-444c-a762-86f5bf2abd96
.htm

this was the correct URL, follow step #2 exactly.

once you try running it again it should work. it doesnt work you say ?

right click your solution and pick "Rebuild Solution" then run it.

the problem is that in microsofts tutorial it doesn't mention you need
to REBUILD the solution after you have given ASPNET right, not just
build.  I'm not 100% sure the reason, but I think it has to do with the
changes done in the <process model> node in the machine.config file.
these changes do not reflect untill you rebuild the solution. this
worked for me, and I tested it on the machine next to me, then I tested
it again on the machine next to me. this has fixed the problem all 3
times. I am about 90% sure this will solve the problem for you.

also, if ASPNET is not found in the list of accounts, (in the
certificate tool, after you have selected to view private key file
properties, and then clicked the "security" tab, then clicked "add"),
you need to click "Locations", highlight your computer (which is usually
the top most node) then click "OK" then type "ASPNET" in the "Enter
object names" box and click OK. ASPNET should be added now. all you need
to assign it is read/read & execute rights.

hope this helps. I am the champion!
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.