9

I'm trying to create a self-signed certificate from within the IIS 7 snap-in, with little luck. When prompted for a friendly name for the certificate, I type in the name, and click OK, but then I am shown:

There was an error while performing this operation. Details: Access is denied.

I am doing this while logged on with an account with full administrative privileges.

Any ideas?

Matt Hanson

3 Answers

12

Check the permissions on the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder. On my domain joined W2k8 member server the permissions are set like so:

Everyone (This folder only):
  List folder / read data
  Read attributes
  Read extended attributes
  Create files / write data
  Create folders / append data
  Write attributes
  Write extended attributes
  Read permissions

SERVER\Administrators: Full Control (This folder only)

No inheritance

Additionally, all of the files in this folder have their own permissions. You may want to see if your self-signed cert is being created and deleted when the access denied error appears.

zippy
  • 2
    My folder permissions were listed exactly as yours. By changing SERVER\Administrators from "This folder only" to "This folder, subfolders, and files" I had immediate success. It appears that my certificates were being created, but inaccessible, like you hinted at. – Matt Hanson Sep 01 '09 at 05:01
  • Yes the same happened to me, and this hint saved my evening :-) Thanks – ila Apr 23 '10 at 15:26
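The check described in this answer can be scripted. The following is an added example, not code from the thread: it assumes PowerShell 3.0 or later in an elevated session, and the 20-file limit and output column names are arbitrary choices. It reads the folder ACL, showing whether each entry applies to "This folder only" (InheritanceFlags = None), then reads the ACL of the most recently written key files to show whether Administrators can reach them.

```powershell
# Added example: audit ACLs on the machine key store (read-only, changes nothing).
$keyDir = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

# Folder ACL. InheritanceFlags = None means the entry covers this folder only,
# so files created inside it do not receive that entry.
$folderAcl = Get-Acl -LiteralPath $keyDir
"Inheritance from parent blocked: $($folderAcl.AreAccessRulesProtected)"
$folderAcl.Access |
    Select-Object IdentityReference, AccessControlType, FileSystemRights,
                  InheritanceFlags, PropagationFlags, IsInherited |
    Format-Table -AutoSize

# Well-known SID for BUILTIN\Administrators (independent of server name/locale).
$adminsSid = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)

# Per-file ACLs, newest first, so a key file left behind by a failed
# certificate request appears at the top of the table.
Get-ChildItem -LiteralPath $keyDir -Force |
    Where-Object { -not $_.PSIsContainer } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 20 |
    ForEach-Object {
        $file = $_
        try {
            $acl   = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
            $rules = $acl.GetAccessRules($true, $true,
                         [System.Security.Principal.SecurityIdentifier])
            $allow = @($rules | Where-Object {
                $_.IdentityReference.Value -eq $adminsSid.Value -and
                $_.AccessControlType -eq 'Allow' })
            $rights = if ($allow.Count) { ($allow | ForEach-Object { $_.FileSystemRights }) -join '; ' }
                      else { '(no allow entry)' }
            New-Object PSObject -Property @{
                File = $file.Name; LastWrite = $file.LastWriteTime
                Owner = $acl.Owner; AdminsRights = $rights }
        } catch {
            # The failure mode from the thread: the file exists but its ACL
            # cannot be read by the current (administrative) user.
            New-Object PSObject -Property @{
                File = $file.Name; LastWrite = $file.LastWriteTime
                Owner = '?'; AdminsRights = "unreadable: $($_.Exception.Message)" }
        }
    } | Format-Table File, LastWrite, Owner, AdminsRights -AutoSize
```

Running it immediately after a failed certificate request shows whether a new key file was written and whether Administrators has any entry on it.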
3

Did you run the IIS7 snap-in as Administrator? If you right click on the IIS7 icon and click on "Run as Administrator" it should work.

zippy
2

Have you tried using the Administrator user account? I know sometimes that even though I may be using an administrative account, Windows wants the Administrator for performing certain operations.

One example that I have encountered with that scenario was running adprep on a domain controller so that I could join a Windows Server 2008 R2 box to the domain. No matter that I was an Enterprise Admin, it would not let me with my account. I had to Run As Administrator.

Wayne Hartman
  • 1
    That was one of my first suspicions, as I actually have the default administrator account disabled. I did try enabling it and rebooting, but had the same result. – Matt Hanson Aug 24 '09 at 04:49