8

using makecert i have written the commade:

makecert -pe -n "CN=Myauthority" -sr localmachine -ss Root -a sha256 -cy authority -r -sk MyCAContainerName -sky exchange -sp "Microsoft RSA Schannel Cryptographic Provider " -sy 12 -len 2048 certif.cer;

i recieved an error

Error: Can't create the key of the Subject <'MyCAContainerName'>

In seeking the solution, I discovered that the problem arises because I did not Authorizations on machineKey file : (C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys ), the

following link explains better what I'm saying;

http://support.microsoft.com/kb/278381

I followed the same procedures in order to have enough permissions to the a machine key, but the problem is always posed

skaffman
  • 398,947
  • 96
  • 818
  • 769
Mely
  • 317
  • 2
  • 4
  • 16

4 Answers4

5

It seems that Can't create the key of the subject is a fairly generic error, however, what follows after it may give a clue.

While it may be caused by permissions errors (e.g. makecert.exe error: Can't create the key of the subject), I have also seen the error of the form Can't create the key of the subject ('<some guid>') caused by an incorrect parameter to the -sp argument.

In your case, Error: Can't create the key of the Subject <'MyCAContainerName'> would make me guess that there is something wrong with the -sk MyCAContainerName portion of the command, but the upshot is, if it is not something with permissions, than it is likely an incorrect command argument or combination of arguments.

Nathan
  • 10,593
  • 10
  • 63
  • 87
  • 1
    Thanks. It seems that I can never use `-sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12` even though this CSP is valid according to the explanation for these options on the [makecert page](http://msdn.microsoft.com/en-us/library/bfsktky3%28v=vs.110%29.aspx) (i.e. they are in the registry.) – Carl G Feb 13 '14 at 20:39
4

Master,

I Ran on the same error. I solved it running command prompt as an administrator user.

MV

user5304010
  • 41
  • 1
1

Its late but I have the solution to this. First execute the command as you are, it will give the error Error: Can't create the key of the Subject <'MyCAContainerName'>. But it will create a .pvk file. Don't delete it. Instead execute the command again, but this time remove -sk MyCAContainerName from the command. And it will create your certificate.

Aishwarya Shiva
  • 3,460
  • 15
  • 58
  • 107
0

In my case the C drive did not have enough space. I cleared some unwanted files and folders and it worked.

subs
  • 2,189
  • 12
  • 35
  • 59