I am having a strange problem which I've googled and googled with no result. I'm attempting to setup a certificate for a wcf service application on windows server 2008 R2. I've imported the certificate into the localmachine personal store, and I'm getting the dreaded
"Keyset does not exist...the certificate ... must have a private key that is capable of key exchange. The process must have access rights for the private keys."
I have tried to set the permissions on the private key, using the "Manage private keys" option in mmc, also tried setting the permissions on the private key file manually that is located in C:\programdata\microsoft\crypto\rsa\machinekeys. I verified I'm modifying the right file by using the findprivatekeys tool, and also tried using the WSE X.509 Certificate tool. For sanitys sake, I even gave read access to "Everyone" on the file, still doesn't work.
Is there something I'm missing here? I'm using IIS7 and I normally give access to the file for the IIS_IUSRS group. All of this has worked fine in other testing on VMs. I've even used the exact same certificate on other machines, and they work there...
I'm lost...The one thing I've noticed is that if I edit the permissions in the 'manage private keys' dialog, the security settings changes don't reflect when I look at the permissions for the file, and vice versa. Where else could the file be? Regardless, I gave max permissions from both places with no luck.
