Exception details when accessing the WCF service: System.Security.Cryptography.CryptographicException: The key set does not exist. ArgumentException: The certificate "Cn=myservercert" must have a private key that is capable of key exchange. The process must have permission to access the private key. This problem is caused by the read access rights of the account (NETWORK service/aspnet) used by WCF to the certificate private key file.
The above error is mainly caused by the Network Service (Server) user does not have access to the certificate permissions, to resolve the error, only need to assign permissions to the corresponding account, Here, the permissions for IIS to access the certificate key can be handled by WinHttpCertCfg.exe, just by executing the program from the command line, as shown below.
Winhttpcertcfg-g-C local_machine\my-s myservercert-a "NETWORK SERVICE"
After running the command, after running the WCF service, everything OK
Other workarounds refer to: WCF Deployment: Let IIS have access to the certificate file
--------------------------------------------------------------------------------------------------------------- ----------------
If access is set and the above error occurs, you need to set up the application pool as follows:
Enter the classic. NET AppPool and DefaultAppPool Advanced settings to set the process model identity to NetworkService
Resolve WCF deployment to IIS "The certificate must have a private key that is capable of key exchange, and the process must have access to the private key"
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
